[rescue] PF question - WAS::::::::::::::Re Good SOHO router for ASDL?

Jerry Kemp sun.mail.list47 at oryx.us
Wed Nov 4 17:28:37 CST 2015


We have had several comments concerning PF, and as it appears there are several 
people on the list who have experience with the PF firewall software, this seems 
as good a time as any.

What is prompting this is that the GA release of Solaris 11.3 became available 
26 October, and with Solaris 11.3, the firewall software is in a transitional 
state.  The old software, IP Filter, is still being shipped, but the transition 
is to PF.

And finally, to the meat of my post.

Below is one of my IP Filter rules for a (personal) system I have hosted in a 
colo, obviously to pass SSH traffic.

.....................................................................
pass in quick on vnet0 proto tcp from any to any port = 22 keep state
.....................................................................

The "quick" keyword in my rule allows my IP Filter rules list to function as a 
"top down" read rule list.

I have gone through some of the docs on the PF firewall software, and if there 
is an equivalent keyword for PF, I apparently keep missing it.

Is it possible for PF to have a "top down" read rule list?

If so, any documentation pointers or configuration samples are appreciated.

Jerry









On 11/ 4/15 05:06 PM, Jonathan Patschke wrote:

>
> Low-power hardware is cheap, and pf is very easy to configure.  Unless
> there's a consumer-level feature you need (UPnP, WPS, etc.), why use
> anything else?
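
PF's rule syntax has the same "quick" keyword as the IP Filter rule in the post: both filters otherwise read the whole list and let the last matching rule decide. The Python model below is an added example, not part of the original post and not a pf.conf parser; the Rule class, evaluate(), the sample packets and the block-all rule are constructed for illustration.

```python
"""Simplified model of IP Filter / PF rule evaluation (not a pf.conf parser)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    quick: bool = False           # a matching quick rule ends evaluation
    iface: Optional[str] = None   # None matches any interface
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        fields = (("iface", self.iface), ("proto", self.proto), ("port", self.port))
        return all(want is None or pkt[key] == want for key, want in fields)


def evaluate(rules, pkt, default="pass"):
    """Return (verdict, index of the deciding rule or None).

    Without quick, every rule is read and the last match decides.
    A packet that matches no rule gets the default (pass, as in PF).
    """
    verdict, decided_by = default, None
    for index, rule in enumerate(rules):
        if not rule.matches(pkt):
            continue
        verdict, decided_by = rule.action, index
        if rule.quick:
            break                 # first matching quick rule wins
    return verdict, decided_by


# Constructed inbound packets (assumed fields, not captured traffic).
SSH = {"iface": "vnet0", "proto": "tcp", "port": 22}
TELNET = {"iface": "vnet0", "proto": "tcp", "port": 23}

# The post's SSH rule, with and without quick, plus a constructed block-all.
SSH_QUICK = Rule("pass", quick=True, iface="vnet0", proto="tcp", port=22)
SSH_PLAIN = Rule("pass", iface="vnet0", proto="tcp", port=22)
BLOCK_ALL = Rule("block")

TOP_DOWN = [SSH_QUICK, BLOCK_ALL]      # reads top down because of quick
LAST_MATCH = [SSH_PLAIN, BLOCK_ALL]    # same order, no quick: SSH is blocked
REORDERED = [BLOCK_ALL, SSH_PLAIN]     # last-match style: general rule first

if __name__ == "__main__":
    for name, rules in (("TOP_DOWN", TOP_DOWN), ("LAST_MATCH", LAST_MATCH),
                        ("REORDERED", REORDERED)):
        print(name, "ssh:", evaluate(rules, SSH), "telnet:", evaluate(rules, TELNET))
```

The LAST_MATCH case is the one to watch when porting a top-down rule list: dropping "quick" from a pass rule that sits above a general block rule silently turns the pass into a block.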

