Henning Brauer wrote:
> On Fri, Dec 20, 2002 at 05:55:00PM +0100, Cedric Berger wrote:
>> As you might remember, I was interested in an extension to PF
>> to be able to assign and manage a huge list of addresses to the
>> source or destination of any PF rule.
>> and if I
>> should try to clean it up and port it to -CURRENT.
>
> I think it's useless. you can simply use N rules for N hosts.

Assuming that each host needs X rules, it becomes N x X, which in my case, could
easily be 10'000 x 10, which is huge, and a PITA to manage (i.e. remove and add
addresses). With my extension, the ruleset remains small, and you can make "pfctl -r"
on the console.
Then, there is the evaluation speed issue, like Daniel just pointed out.
Also, imagine how authpf for example could be much easier and flexible if he
just added and removed IP addresses from the "system:authpf" table...
Cedric
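
The N x X argument above, as an added Python model that is not part of the original message and not PF code: it expands 10'000 hosts times 10 per-host rules into a flat last-match ruleset and compares that with 10 rules sharing one address table. Assumptions: the ports, the 10.0.0.x address range, the default "block" verdict and the hash set standing in for the table's lookup structure are all constructed for illustration, and no ruleset optimisation is modelled.

```python
import ipaddress

# Constructed sample data: 10'000 hosts x 10 per-host rules, the figures from the post.
BASE = int(ipaddress.ip_address("10.0.0.1"))
HOSTS = [ipaddress.ip_address(BASE + i) for i in range(10_000)]
TEMPLATES = [(port, "pass") for port in (22, 25, 53, 80, 110, 143, 443, 993, 995, 8080)]

def expand_per_host(hosts, templates):
    """N x X approach: one concrete rule per (host, template) pair."""
    return [(h, port, action) for h in hosts for port, action in templates]

def eval_per_host(rules, src, port):
    """Linear scan, last matching rule wins. Returns (verdict, rules examined)."""
    verdict, examined = "block", 0
    for host, rport, action in rules:
        examined += 1
        if host == src and rport == port:
            verdict = action
    return verdict, examined

def eval_with_table(table, templates, src, port):
    """X rules that all test the source against one shared address table."""
    verdict, examined = "block", 0
    for rport, action in templates:
        examined += 1
        if rport == port and src in table:  # hash-set membership test
            verdict = action
    return verdict, examined

def compare(src, port):
    """Evaluate one packet both ways; return rule counts and results."""
    rules = expand_per_host(HOSTS, TEMPLATES)
    table = set(HOSTS)
    return {
        "per_host_rules": len(rules),
        "table_rules": len(TEMPLATES),
        "per_host": eval_per_host(rules, src, port),
        "table": eval_with_table(table, TEMPLATES, src, port),
    }

def revoke(table, addr):
    """Removing a host is one table operation; the rules are untouched."""
    table.discard(addr)
    return eval_with_table(table, TEMPLATES, addr, 22)[0]

if __name__ == "__main__":
    print(compare(HOSTS[1234], 443))
```

Both evaluations return the same verdict; the difference is the number of rules kept and examined per packet, and that revoking a host touches the table only.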
