On Thu, 16 Jan 2003, Darren Pilgrim wrote:
DP> There is sorting that you can do, like putting the highest-traffic rules
DP> near the top. ipfw terminates the search on the first matching rule except
DP> for count and skipto. Also, the fewer items that have to be checked the
DP> faster the rule is. Perhaps there is some aggregation that can be done with
DP> the rules themselves?
By the way, is (moderately complex) aggregated rule faster than mix of simple
rules? (for now, we drop accounting issues)
So, will
permit tcp from {a.b.c.0/24 or e.f.g.0/20} to any 22,25,80,443 setup
perform measurably better than set of 8 corresponding rules?
Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
------------------------------------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
