The 'firewall' manual page is a must-read.
http://www.freebsd.org/cgi/man.cgi?query=firewall&apropos=0&sektion=0&manpath=FreeBSD+4.7-stable&format=html
I recommend that you first construct your firewall without worrying
too much about optimizing it. Let it run a while, then use
'ipfw -v list' to see which rules are being triggered. Then, based
on that information, optimize your ruleset. As long as you are careful
to maintain the any sensitive rule orderings you should be able to
construct an efficient ruleset (for example, anti-spoofing rules have
to come before anything else).
-Matt
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
