"QUICK" and "SLOW" firewall rules brought me here

[iask]

What the heck is QUICK rule? pls help me out

[iask]

BTW I have never seen such a childish explanation :

"When a rule does not have quick enabled, the last matching rule wins."

Wins what? Do I play some kind of a game or what? Where is my prize?

[Patrick M. Hausen]

If a quick rule matches, processing of rules is stopped and the rule is applied to the packet in question.
For slow rules the last rules that matches the packet is applied.

So "quick" is the way packet filtering firewalls traditionally work. Apply rules in order, first match wins, stop rule processing for that packet.

[iask]

I learned from Docs that QUICK rules are preferable.

What if I have automatically created set of rules (not defined as quick) glued to the top of the list and I can't put anything else before these rules ?

Should I create "SLOW" rule on the bottom of the list to override all existing rules?

[Patrick M. Hausen]

I think the documentation explains the processing order quite well:
https://wiki.opnsense.org/manual/firewall.html#processing-order

Automatic rules come first, so they are set to "slow". This means that a later rule provided by you can override them. Whether you set your own to slow or quick depends on if you want additional rules to be checked after this particular one or not.

Slow and quick are not separate rule sets. They are an attribute of the single rule in question. Quick means "if match, terminate rule processing immediately and use this one". Slow means "remember that rule, but examine all following ones if they match, too".

So the rule processing will alway use

• the first quick rule that matches
• only if there is no matching quick rule, then the last slow rule that matches
• only if there is no matching rule at all it's "default deny"

[alexroz]

https://youtu.be/kYFNa_zpeII?t=790