From owner-freebsd-questions@FreeBSD.ORG  Sat Jun 25 23:40:16 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E397B16A426
	for <freebsd-questions@freebsd.org>;
	Sat, 25 Jun 2005 23:40:16 +0000 (GMT)
	(envelope-from xfb52@dial.pipex.com)
Received: from smtp-out3.blueyonder.co.uk (smtp-out3.blueyonder.co.uk
	[195.188.213.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80ED243D1D
	for <freebsd-questions@freebsd.org>;
	Sat, 25 Jun 2005 23:40:16 +0000 (GMT)
	(envelope-from xfb52@dial.pipex.com)
Received: from [82.41.37.55] ([82.41.37.55]) by smtp-out3.blueyonder.co.uk
	with Microsoft SMTPSVC(5.0.2195.6713); 
	Sun, 26 Jun 2005 00:40:56 +0100
Message-ID: <42BDEB5E.5030003@dial.pipex.com>
Date: Sun, 26 Jun 2005 00:40:14 +0100
From: Alex Zbyslaw <xfb52@dial.pipex.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.8) Gecko/20050530
X-Accept-Language: en, en-us, pl
MIME-Version: 1.0
To: Paul Schmehl <pauls@utdallas.edu>
References: <MIEPLLIBMLEEABPDBIEGMEIMHHAA.fbsd_user@a1poweruser.com>	<200506241731.13651.martin@orbweavers.co.uk>	<08A3A012657D73D10A220154@Paul-Schmehls-Computer.local>	<20050625064224.GB4460@masterpost>
	<1585990126FE46C02925C321@Paul-Schmehls-Computer.local>
In-Reply-To: <1585990126FE46C02925C321@Paul-Schmehls-Computer.local>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 25 Jun 2005 23:40:56.0930 (UTC)
	FILETIME=[5583DC20:01C579DF]
Cc: freebsd-questions@freebsd.org
Subject: Re: firewall on FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jun 2005 23:40:17 -0000

Paul Schmehl wrote:

> --On June 25, 2005 8:42:24 AM +0200 mess-mate <messmate@free.fr> wrote:
>
>>
>> I've a firewall/router/proxy with openbsd and think to replace it
>> with freebsd 5.4
>> Do you mean freebsd's PF don't support the 'quick' keyword ??
>> Thought PF on freebsd and openbsd was identical, isn't ?
>>
> pf on freebsd does support the "quick" keyword.  The "default" 
> firewall, ipfw, does not.

This makes no sense to me.  The two firewalls work very differently.

In pf, each rule is always processed on every packet and the last rule 
matching determines the action.  "quick" terminates the rule matching 
and forces the "quick" rule to be, in effect, the final rule (assuming 
the packet matched it).

ipfw does not match every rule for every packet, rather is processes 
down the rules until the packet matches one with a terminating action 
such as "accept" or "deny".  No "quick" keyword is needed.

--Alex