Hi list
I have been using IPFW for years, now because of some reasons I'm migrating to
PF. In IPFW we can use the "skipto" keyword in order to change the order of
checking the rules. How can I do this in PF? Another one, is it possible to
filter in/out coming traffic according to the source/dest
Nomad Esst wrote:
>
> I have been using IPFW for years, now because of some reasons I'm
> migrating to PF. In IPFW we can use the "skipto" keyword in order to
> change the order of checking the rules. How can I do this in PF?
PF processes rules from top to bottom for every packet, only aborting
>> I have been using IPFW for years, now because of some reasons I'm
>> migrating to PF. In IPFW we can use the "skipto" keyword in order to
>> change the order of checking the rules. How can I do this in PF?
>PF processes rules from top to bottom for every packet, only aborting
>the rule evalu
On Wed, 1 May 2013 22:54:37 -0700 (PDT),
Nomad Esst wrote:
> >If you are trying to avoid having to evaluate all of your rules on
> >every packet, you should read up on the "anchor" feature, which
> >allows you to perform a type of "subroutine call", evaluating a
> >different ruleset upon some
>Well, tags could help here. With a concrete example of what you want, it
>would be easier to suggest a solution.
>Regards.
Aren't anchors useful as David DeSimone said? Another question, is it possible
to negate a rule or feature in a rule? I mean pass all traffic which DO NOT
match the rule?
Nomad Esst wrote:
> >Well, tags could help here. With a concrete example of what you want, it
> >would be easier to suggest a solution.
>
> >Regards.
>
> Aren't anchors useful as David DeSimone said?
Yes they are. I used to do the following in ipfw:
10 skipto 1200 ip from any to any in recv vl
On 7 May 2013, at 16:01, Ian FREISLICH wrote:
> Nomad Esst wrote:
>>> Well, tags could help here. With a concrete example of what you want, it
>>> would be easier to suggest a solution.
>>
>>> Regards.
>>
>> Aren't anchors useful as David DeSimone said?
>
> Yes they are. I used to do the fol
Damien Fleuriot wrote:
> > anchor vlan4 quick on vlan4
> > load anchor vlan4 from "/var/db/firewall/vlan4"
>
> Would you kindly elaborate on the quick keyword in conjunction with anchors?
According to the manual:
Matching filter and translation rules marked with the quick option are
fi
Damien Fleuriot wrote:
>
> Would you kindly elaborate on the quick keyword in conjunction with
> anchors?
>
> I would assume that makes all the rules within the anchor quick?
Using "quick" in the rule that calls an anchor is not the same as making
all the rules in the anchor "quick." It instea