From owner-freebsd-questions  Fri Feb 16  5:53:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from [209.239.36.156] (host2.hostmatters.com [209.239.36.156])
	by hub.freebsd.org (Postfix) with ESMTP id 49F9F37B67D
	for <freebsd-questions@FreeBSD.ORG>; Fri, 16 Feb 2001 05:53:55 -0800 (PST)
Received: from nhqadmin17 (224host88.redcross.org [162.6.224.88])
	by [209.239.36.156] (8.10.2/8.10.2) with SMTP id f1GDrfE23827;
	Fri, 16 Feb 2001 08:53:41 -0500
Message-ID: <003801c09820$0d8e0300$6102a00a@nhqadmin17>
From: "Ben" <ben@cahostnet.com>
To: "Chris Hill" <chris@monochrome.org>,
	"Wayne Pascoe" <wayne.pascoe@realtime.co.uk>
Cc: "FreeBSD Questions List" <freebsd-questions@FreeBSD.ORG>
References: <Pine.BSF.3.96.1010216081216.21384B-100000@localhost>
Subject: Re: ipfw reading rules from a file
Date: Fri, 16 Feb 2001 08:54:56 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

That is correct, the rules are checked line by line.  It's important
in the order that you load the firewall rules because that's how it
checks the rules.  You should alway put the most used rules first b/c
this will speed up the requests.  Hope that helps.

Ben
----- Original Message -----
From: "Chris Hill" <chris@monochrome.org>
To: "Wayne Pascoe" <wayne.pascoe@realtime.co.uk>
Cc: "FreeBSD Questions List" <freebsd-questions@FreeBSD.ORG>
Sent: Friday, February 16, 2001 8:17 AM
Subject: Re: ipfw reading rules from a file


> On Fri, 16 Feb 2001, Francesco Casadei wrote:
>
> > On Fri, Feb 16, 2001 at 10:13:42AM +0000, Wayne Pascoe wrote:
>
> [big snip]
>
> > > Lastly, does ipfw work on a first match wins basis (like
iptables /
> > > ipchains) or does it work on a last match wins basis (like ipf)
?
>
> I believe the first match wins - once a rule matches, no  further
rules
> are processed for that packet.
>
>
> --
> Chris Hill               chris@monochrome.org
> **                     [ Busy expunging <-> ]
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message