28.08.2019 23:58, Victor Gamov wrote:
> P.S. Two questions about rules syntax optimization. What is more effective:
> skipto tablearg udp from any to table(AllMcast_out)
> or
> skipto tablearg udp from any to table(AllMcast_out) out xmit vlan*
Can't tell, this heavily depends on table contents and internal order of checks
in kernel part of ipfw but general rule should still apply: less checks, better
performance.
> I hope I can place such rule at top of ruleset and only allowed multicast
> packets outgoing via VLANs interfaces will hit this rule.
>
> and second:
> allow udp from $src1 to { 239.1.2.55 or 239.1.2.56 }
> or
> allow udp from src1 to 239.1.2.0/24{55,56}
Last one should me much more efficient as it just needs to perform a couple of
32-bit masking operations
and previous one is more general (IP addresses may belong to different
networks) and requires slower search.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"
