pf match action 始终不明白match起什么作用。?
发表于 : 2014-07-08 11:42
match
the packet is matched. this mechanism is used to provide fine grained filtering without altering the block/pass state of a packet.
match rules differ from block and pass rules in that parameters are set every time a packet matches the rule, not only on the last matching rule. for the following parameters ,this mean that the parameter effectively become 'sticky' until explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable, and scrub.
log is different still, in that the action happens every time a rule matches i.e. a single packet can get logged more than once.
block和pass 很好理解,就是阻止包和允许包通过。
match很难懂?
the packet is matched. this mechanism is used to provide fine grained filtering without altering the block/pass state of a packet.
match rules differ from block and pass rules in that parameters are set every time a packet matches the rule, not only on the last matching rule. for the following parameters ,this mean that the parameter effectively become 'sticky' until explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable, and scrub.
log is different still, in that the action happens every time a rule matches i.e. a single packet can get logged more than once.
block和pass 很好理解,就是阻止包和允许包通过。
match很难懂?