[rescue] PF question - WAS::::::::::::::Re Good SOHO router for ASDL?

Jerry Kemp sun.mail.list47 at oryx.us
Wed Nov 4 17:48:29 CST 2015 

Thank you for the reply and the link.

If this is the most embarrassing question I ask this week, I am way ahead.

Jerry


On 11/ 4/15 05:32 PM, Justin Haynes wrote:
> pf also uses "quick"
>
> http://www.openbsd.org/faq/pf/filter.html#quick
>
> On Wed, Nov 4, 2015 at 5:28 PM, Jerry Kemp <sun.mail.list47 at oryx.us> wrote:
>
>> We have had several comments concerning PF, and as it appears there are
>> several people on the list who have experience with the PF firewall
>> software, this seems as good as time as any.
>>
>> What is prompting this, is that the GA release of Solaris 11.3 became
>> available 26 October, and with Solaris 11.3, the firewall software is in a
>> transitional state.  The old software, IP Filter, is still being shipped,
>> but the transition is to PF.
>>
>> And finally, to the meat of my post.
>>
>> Below is one of my IP Filter rules for a (personal) system I have hosted
>> in a colo, obviously to pass SSH traffic.
>>
>> .....................................................................
>> pass in quick on vnet0 proto tcp from any to any port = 22 keep state
>> .....................................................................
>>
>> The "quick" keyword in my rule allows my IP Filter rules list to function
>> as a "top down" read rule list.
>>
>> I have gone thru some of the docs on the PF firewall software, and if
>> there is an equivalent keyword for PF, I apparently keep missing it.
>>
>> Is it possible for PF to have a "top down" read rule list?
>>
>> If so, any documentation pointers, or configuration sample is appreciated.
>>
>> Jerry
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 11/ 4/15 05:06 PM, Jonathan Patschke wrote:
>>
>>
>>> Low-power hardware is cheap, and pf is very easy to configure.  Unless
>>> there's a consumer-level feature you need (UPnP, WPS, etc.), why use
>>> anything else?
>>>
>> _______________________________________________
>> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue

More information about the rescue mailing list