[rescue] PF question - WAS::::::::::::::Re Good SOHO router for ASDL?
Jerry Kemp
sun.mail.list47 at oryx.us
Thu Nov 5 01:34:28 CST 2015
Hello Andrew,

Thank you for the comment.

Without a doubt, the problem I have with the "last match wins" is more a mental
block thing with me, vs suggesting that there might be anything wrong with the
default behavior.

Stubborn headed-ness on my part, due to years and years of writing access lists
on Cisco routers, and similar rules on PIX & ASA devices in a top-down style,
has undoubtedly left me in the rut I am in today. :)

Jerry

On 11/ 4/15 06:09 PM, Andrew M Hoerter wrote:
> As was mentioned, 'quick' works equivalently in pf. But I think you'll find
> that "last match wins" is a more idiomatic, and perhaps more understandable,
> style of writing pf rulesets once you get used to it. It's common to begin with
> a default block rule followed by explicit pass rules, and that's the usual
> construction you'll see in the OpenBSD FAQ.
>
> quick has its place (no point evaluating the entire ruleset for totally invalid
> packets, etc), but I've been able to shorten many complex rulesets by getting
> rid of it where appropriate.
>
> Just a suggestion.
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue
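
The two evaluation models discussed in this thread, as an added example that is not part of either message: a small Python simulation of pf's "last match wins" (with `quick`) beside top-down first-match evaluation as on a router ACL. The `Rule` class, the function names and the rulesets are constructed for illustration; matching is reduced to a destination port.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    port: Optional[int] = None  # None matches any destination port
    quick: bool = False         # pf 'quick': stop evaluating on match

    def matches(self, port: int) -> bool:
        return self.port is None or self.port == port

def pf_eval(rules, port):
    """pf semantics: last matching rule wins; 'quick' ends evaluation early."""
    verdict = "pass"  # pf passes a packet that matches no rule at all
    for r in rules:
        if r.matches(port):
            verdict = r.action
            if r.quick:
                break
    return verdict

def first_match_eval(rules, port):
    """Top-down ACL semantics: first match wins, implicit deny at the end."""
    for r in rules:
        if r.matches(port):
            return r.action
    return "block"

# Constructed ruleset in the idiomatic pf order: default block, then passes.
# Roughly: block all / pass to port 22 / pass to port 443
PF_STYLE = [Rule("block"), Rule("pass", 22), Rule("pass", 443)]

# Same policy with 'quick' on every rule, so it reads top-down like an ACL.
QUICK_STYLE = [Rule("pass", 22, quick=True), Rule("pass", 443, quick=True),
               Rule("block", quick=True)]

if __name__ == "__main__":
    print("port  pf(PF_STYLE)  first-match(PF_STYLE)  pf(QUICK_STYLE)")
    for port in (22, 443, 23):
        print(port, pf_eval(PF_STYLE, port),
              first_match_eval(PF_STYLE, port), pf_eval(QUICK_STYLE, port))
```

Read with first-match habits, the default-block ruleset appears to drop everything, while pf passes ports 22 and 443 and blocks the rest.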