skipto keyword in pf
Nomad Esst
noname.esst at yahoo.com
Thu May 2 05:54:39 UTC 2013
>> I have been using IPFW for years, now because of some reasons I'm
>> migrating to PF. In IPFW we can use the "skipto" keyword in order to
>> change the order of checking the rules. How can I do this in PF?
>PF processes rules from top to bottom for every packet, only aborting
>the rule evaluation in the case that the "quick" keyword is used to
>render a decision immediately.
>If you are trying to avoid having to evaluate all of your rules on every
>packet, you should read up on the "anchor" feature, which allows you to
>perform a type of "subroutine call", evaluating a different ruleset upon
>some condition. You could conceivably use that to evaluate some rules
>and come to a decision without having to evaluate all of the rules in a
>policy. It would take some rethinking of your existing rules, no doubt.
How is it possible? Could you please come up with some examples?
The traffic I want to decide about must first match all the features I want, and then the decision about the traffic is made.
Thanks
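
An added pf.conf sketch of the anchor approach suggested in the quoted reply (not part of the original message or of any poster's ruleset). The interface name, addresses, table contents and ports are constructed for illustration. The inline anchor plays the role of an IPFW "skipto" target: its rules are evaluated only for packets that match the anchor's own criteria, and "quick" inside it renders the decision.

```pf
# Constructed values: adjust to the real interface and hosts.
ext_if  = "em0"
web_srv = "192.0.2.10"
table <admins> { 198.51.100.0/24 }

set skip on lo0

# Fallback policy. Without "quick" the last matching rule wins,
# so later rules can still override this block.
block in log on $ext_if all

# Packets that are NOT inbound TCP to $web_srv never enter this anchor,
# so none of the rules between the braces are evaluated for them.
anchor "web" in on $ext_if proto tcp from any to $web_srv {
    # "quick" stops rule evaluation as soon as one of these matches.
    pass in quick proto tcp from any to any port { 80 443 } keep state
    pass in quick proto tcp from <admins> to any port 22 keep state
    # Everything else aimed at the web server is decided here as well.
    block in log quick
}

# Reached only by packets that no "quick" rule has already decided.
pass in on $ext_if inet proto icmp from any to any icmp-type echoreq keep state
pass out on $ext_if all keep state
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.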