 
 From:  "Tracy Phillips" <m0n0 dash lists at weberize dot com>
 To:  "'Manuel Kasper'" <mk at neon1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] I am confused on rule order
 Date:  Tue, 4 Nov 2003 06:52:12 -0600
Thanks for clarifying that for me Manuel.

Tracy 

> 
> -----Original Message-----
> From: Manuel Kasper [mailto:mk at neon1 dot net] 
> Sent: Tuesday, November 04, 2003 12:29 AM
> To: Tracy Phillips
> Cc: m0n0wall at lists dot m0n0 dot ch
> 
> On 04.11.2003, at 02:21, Tracy Phillips wrote:
> 
> > I am under the impression that ipf rules were evaluated and the 
> > last rule that matched was the one that triggered a block.
> 
> Rules were processed on a first-match basis in pb18, too, but 
> it didn't really make a difference because you could only 
> have pass rules. So the rule order obviously didn't matter.
> 
> > Hint: rules are evaluated on a first-match basis (i.e. the action of 
> > the first rule to match a packet will be executed). This means that if 
> > you use block rules, you'll have to pay attention to the rule order.
> > Everything that isn't explicitly passed is blocked by default.
> >
> > This sounds more like ipfw doesn't it?
> 
> Yeah, or ipf with the "quick" statement on each rule. I think 
> this is a good thing to do. Makes things more logical and 
> faster, too (by not having to evaluate all rules for each packet).
> 
> - Manuel
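To make the difference Manuel describes concrete, here is a small simulation (added example, not code from m0n0wall, ipf or ipfw) of the same ruleset evaluated first-match, as ipfw or ipf with "quick" do, and last-match, as ipf without "quick" does, both with the default block. The rule tuple format and the sample ruleset are constructed for illustration.

```python
"""First-match vs last-match rule evaluation with default deny.

Added example; not code from m0n0wall, ipf or ipfw. The rule format
(action, source network, destination port or None) is constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed ruleset: a broad pass rule followed by a narrower block rule.
RULESET = [
    ("pass", "192.168.1.0/24", None),   # LAN may go anywhere...
    ("block", "192.168.1.50/32", 25),   # ...except this host to SMTP
]


def rule_matches(rule, src, dport):
    """True if the packet (src IP, destination port) hits this rule."""
    _, net, port = rule
    return ip_address(src) in ip_network(net) and (port is None or port == dport)


def first_match(rules, src, dport):
    """ipfw / ipf 'quick': the first matching rule decides; else default block."""
    for rule in rules:
        if rule_matches(rule, src, dport):
            return rule[0]
    return "block"


def last_match(rules, src, dport):
    """ipf without 'quick': all rules are evaluated, the last match wins; else default block."""
    verdict = "block"
    for rule in rules:
        if rule_matches(rule, src, dport):
            verdict = rule[0]
    return verdict


def evaluate(rules, src, dport):
    """Return both verdicts so the effect of rule order is visible side by side."""
    return {"first_match": first_match(rules, src, dport),
            "last_match": last_match(rules, src, dport)}


if __name__ == "__main__":
    # Under first-match the block rule is shadowed by the pass rule above it;
    # moving the block rule first restores the intended verdict.
    for src, dport in [("192.168.1.50", 25), ("192.168.1.10", 25), ("10.0.0.1", 80)]:
        print(src, dport, evaluate(RULESET, src, dport))
    print("reordered:", first_match(list(reversed(RULESET)), "192.168.1.50", 25))
```

Under first-match semantics the specific block rule must come before the broad pass rule, otherwise it is never reached; under last-match semantics the same ruleset blocks the host regardless of order.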