[rescue] PF question - WAS::::::::::::::Re Good SOHO router for ASDL?
Justin Haynes
justin at justinhaynes.com
Wed Nov 4 17:32:49 CST 2015
pf also uses "quick"
http://www.openbsd.org/faq/pf/filter.html#quick
On Wed, Nov 4, 2015 at 5:28 PM, Jerry Kemp <sun.mail.list47 at oryx.us> wrote:
> We have had several comments concerning PF, and as it appears there are
> several people on the list who have experience with the PF firewall
> software, this seems as good as time as any.
>
> What is prompting this, is that the GA release of Solaris 11.3 became
> available 26 October, and with Solaris 11.3, the firewall software is in a
> transitional state. The old software, IP Filter, is still being shipped,
> but the transition is to PF.
>
> And finally, to the meat of my post.
>
> Below is one of my IP Filter rules for a (personal) system I have hosted
> in a colo, obviously to pass SSH traffic.
>
> .....................................................................
> pass in quick on vnet0 proto tcp from any to any port = 22 keep state
> .....................................................................
>
> The "quick" keyword in my rule allows my IP Filter rules list to function
> as a "top down" read rule list.
>
> I have gone thru some of the docs on the PF firewall software, and if
> there is an equivalent keyword for PF, I apparently keep missing it.
>
> Is it possible for PF to have a "top down" read rule list?
>
> If so, any documentation pointers, or configuration sample is appreciated.
>
> Jerry
>
>
>
>
>
>
>
>
>
> On 11/ 4/15 05:06 PM, Jonathan Patschke wrote:
>
>
>> Low-power hardware is cheap, and pf is very easy to configure. Unless
>> there's a consumer-level feature you need (UPnP, WPS, etc.), why use
>> anything else?
>>
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue
More information about the rescue
mailing list