
pf efficiency

Hi all.
My OpenBSD+pf based firewall has about 90 forward filtering rules, for TCP
packets (about 30 rules), UDP datagrams (about 40 rules) and ICMP messages
(about 20 rules). Every rule looks like: "block in proto xxx from any to yyy
port = zzz", where xxx is the protocol type.
Suppose that a transit TCP packet comes into my firewall.
The question is: does pf compare the TCP packet against all 90 of my rules, or
does it compare the packet ONLY WITH those rules (about 30) written for TCP
packets ("proto tcp")?
In other words, is there a function in pf that looks at the protocol type of a
transit packet and decides which rules to compare the packet with?
Thank you.