PF – to “fast” or “fast”

admin / April 18th, 2011/ Posted in Operating Systems / No Comments »

Q: I heard that using Quick is good and it's bad.

what are your thoughts on this and why do you refuse or lawyer?


Re:Originally posted by: guy
so where did you read about these new 3.5 features?

i got a rule set finalized… more or less… i'll send it to ya.

It's possible they aren't 3.5 features, and I've just been slacking. I reread quite a bit of the pf faq not too long ago.


Re:so where did you read about these new 3.5 features?

i got a rule set finalized… more or less… i'll send it to ya.


Re:Originally posted by: guy
why rewrite for 3.5? things changing that much?

you gonna remove the "quick"?

A few things were added. I usually rewrite the rules every couple of releases. :P


Re:why rewrite for 3.5? things changing that much?

you gonna remove the "quick"?


Re:Heh, I checked my current pf.conf. all the rules appear to be quicked. :P

I'm planning a rewrite for 3.5 anyways. ;)


Re:see this is why the "quick" makes sense to me… i started learning with cisco's ACLs… and that's the first come first served sorta deal.

quick behaves somewhat the same way… once it matches, the packet is either passed or dropped.

simple and efficient.


Re:Yeah, I guess either would be equally good, so it's really up to what you feel comfortable with.
Tried ipfilter a long time ago, but it just never made sense to me, weird way of writing rules, and actually manipulating the ruleset by typing ipchains commands rather than having a configuration file has always seemed braindead to me.

Re:Originally posted by: guy
I use quicks for pretty much everything.

I guess that might be cause the first proper firewall I used was Checkpoint FW-1, and it uses "quick", though of course they don't call it that.
IMO it makes things easier to read, since you can just look through the ruleset, and if you come to a rule that matches whatever you're looking for, you'll immediately know that's where it stops.

Checkpoint does a "first match wins" ruleset. I think IPTables does the same thing. "Last rule wins" is what makes more sense to me, since I learned IPF first.
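
Added example, not part of the thread: a simplified Python model of pf's rule evaluation (the last matching rule wins, while `quick` stops at the first match), run over one constructed policy written in both styles. The `Rule` class, the rule sets and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    quick: bool = False
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any destination port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

def evaluate(rules, proto, port):
    """Return (action, index of deciding rule); index None = implicit default."""
    decision = ("pass", None)    # pf passes a packet that no rule matches
    for i, rule in enumerate(rules):
        if rule.matches(proto, port):
            decision = (rule.action, i)
            if rule.quick:       # quick: stop here, later rules are never read
                break
    return decision

# Constructed policy: allow inbound ssh and https, drop everything else.
# Last-match style: general rule first, exceptions after it.
LAST_MATCH = [
    Rule("block"),
    Rule("pass", proto="tcp", port=22),
    Rule("pass", proto="tcp", port=443),
]
# Quick style: exceptions first, catch-all last (first match wins).
QUICK = [
    Rule("pass", quick=True, proto="tcp", port=22),
    Rule("pass", quick=True, proto="tcp", port=443),
    Rule("block", quick=True),
]
# Pitfall: the quick ordering with the keyword dropped. The trailing
# block now overrides both pass rules and nothing gets through.
QUICK_ORDER_NO_QUICK = [Rule(r.action, False, r.proto, r.port) for r in QUICK]

def decisions(rules, packets):
    return [evaluate(rules, proto, port)[0] for proto, port in packets]

PACKETS = [("tcp", 22), ("tcp", 443), ("tcp", 23), ("udp", 53)]

if __name__ == "__main__":
    for name, rs in [("last-match", LAST_MATCH), ("quick", QUICK),
                     ("quick order, no quick", QUICK_ORDER_NO_QUICK)]:
        print(f"{name:22}", decisions(rs, PACKETS))
```

Both styles give the same verdicts for this policy; what changes is which rule decides and which direction the ruleset has to be read in.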


Re:I use quicks for pretty much everything.

I guess that might be cause the first proper firewall I used was Checkpoint FW-1, and it uses "quick", though of course they don't call it that.
IMO it makes things easier to read, since you can just look through the ruleset, and if you come to a rule that matches whatever you're looking for, you'll immediately know that's where it stops.


Re:I have no opinion on the matter. I really don't :P
