From owner-freebsd-questions@FreeBSD.ORG Sun Jun 26 21:16:01 2005
Date: Sun, 26 Jun 2005 22:15:59 +0100
From: Alex Zbyslaw
To: Giorgos Keramidas
Cc: Paul Schmehl, freebsd-questions@freebsd.org
Subject: Re: firewall on FreeBSD

Giorgos Keramidas wrote:

>On 2005-06-26 00:40, Alex Zbyslaw wrote:
>
>>Paul Schmehl wrote:
>>
>>>pf on freebsd does support the "quick" keyword. The "default"
>>>firewall, ipfw, does not.
>>
>>This makes no sense to me. The two firewalls work very differently.
>>
>>[...]
>
>You describe very nicely the way rules are matched by two of the three
>different firewalls available on FreeBSD. The description, being very
>correct, *does* make sense.
>
>Why do you say that ``This makes no sense to you''

Maybe I'm misreading something, or taking it out of context, but the
statement "ipfw does not support the quick keyword" makes no sense to
me. For me, it implies that somehow ipfw could (or even should) support
the quick keyword, and that is nonsensical. The way ipfw rules work
there is not only no need to support a quick keyword, but no point in
supporting one because all relevant matches are already quick, by
definition.

Maybe I'm being overly pedantic, but if I had stumbled across this
message in an archive search, and knew nothing about FreeBSD firewalls,
I could easily take it to mean that ipfw was lacking a feature with
respect to pf when, in fact, it wasn't. (There may be plenty of other
reasons for picking one firewall or the other, but the "lack" of a quick
keyword in ipfw isn't one of them).

Am *I* making any more sense, now?

--Alex
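
Added example, not part of the original message: a toy Python model of the two evaluation strategies the thread contrasts, first-match (ipfw-style) and last-match with an optional quick flag (pf-style). The Rule class, the sample packets, the rule lists and the fall-through defaults are constructed for illustration and are not ipfw or pf syntax.

```python
# Added illustration: toy models of the two rule-evaluation strategies.
# Rule fields and sample packets are constructed; this is not ipfw or pf syntax.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # None matches any destination port
    quick: bool = False            # only read by the last-match evaluator

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.port in (None, pkt["port"]))

def eval_first_match(rules, pkt, default="block"):
    """ipfw-style: the first matching rule decides and evaluation stops."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default  # assumed fall-through policy for this model

def eval_last_match(rules, pkt, default="pass"):
    """pf-style: the last matching rule decides, unless a matching rule
    is marked quick, which ends evaluation at that rule."""
    verdict = default  # assumed fall-through policy for this model
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

SSH = {"proto": "tcp", "port": 22}   # constructed sample packets
WEB = {"proto": "tcp", "port": 80}

# Policy in all cases: allow SSH, block everything else.
SPECIFIC_FIRST = [Rule("pass", "tcp", 22), Rule("block")]
GENERAL_FIRST = [Rule("block"), Rule("pass", "tcp", 22)]
SPECIFIC_FIRST_QUICK = [Rule("pass", "tcp", 22, quick=True), Rule("block")]

if __name__ == "__main__":
    for name, verdict in [
        ("first-match, specific rule first", eval_first_match(SPECIFIC_FIRST, SSH)),
        ("last-match, same order, no quick", eval_last_match(SPECIFIC_FIRST, SSH)),
        ("last-match, same order, quick", eval_last_match(SPECIFIC_FIRST_QUICK, SSH)),
        ("last-match, general rule first", eval_last_match(GENERAL_FIRST, SSH)),
    ]:
        print(f"{name}: SSH -> {verdict}")
```

The same specific-first rule order that works under first-match blocks SSH under last-match until the pass rule is marked quick, which is the only situation in which the flag changes the outcome.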