
rdr vs pass



Could someone please settle a debate I am having at work? I admit to being old school, having started on IPF with obsd 2.6; now I am running PF on 3.5. My co-worker has been learning pf over the past year. I guess the debate is: he thinks pass/block filter rules are redundant and wants to only use redirects, such as:
rdr from $oneIP to $anotherInternalIP port whatever
I tend to think that:
pass in on fxp0 from $oneIP to $anotherIP port whatever; and
block in on fxp0 from any to $anotherInternalIP port whatever
It seems like, if everything could be done with redirects, why did the gods of openbsd create rules? The only real argument I have is that rules buy us logging... ah, assuming somebody is looking at the logs, of course.

What is the opinion of the list?

--ja

--
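To make the point under discussion concrete, here is an added pf.conf fragment in the OpenBSD 3.x syntax the post uses (not from the poster or the list). The rdr rule only rewrites the destination address; the pass/block rules decide whether the packet is admitted and provide the logging. Interface name, addresses and port are placeholders.

```pf
# Added example, not from the original post. Macro values are placeholders.
ext_if   = "fxp0"
trusted  = "192.0.2.10"      # the $oneIP that is allowed in
int_host = "10.0.0.5"        # the $anotherInternalIP being redirected to
svc      = "80"

# Translation only: rewrite the destination of inbound connections to the
# external address into the internal host. rdr does not accept or reject
# anything; with no filter rules at all, pf's default policy is pass, so a
# bare rdr admits every source on the Internet to $int_host.
rdr on $ext_if proto tcp from any to ($ext_if) port $svc -> $int_host port $svc

# Filtering: filter rules see the packet AFTER translation, so they match on
# the internal address, not the external one. Last matching rule wins unless
# "quick" is used, so the default deny goes first and the exception after it.
block in log on $ext_if all
pass in quick on $ext_if proto tcp from $trusted to $int_host port $svc keep state
```

Anything that does not come from $trusted falls through to the block rule and is written to pflog0, where it can be read with `tcpdump -n -e -ttt -i pflog0`; the rdr-only configuration would have let those connections through with no record at all.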