Rick Shropshire wrote:
I have a large number of IP's that need the same ports open and I want
use variables to simplify the rule set but still optimize for
skip-steps. For example should I do this:
SERVERS = "{192.168.0.10, 192.168.0.12, 192.168.0.32/28,
192.168.0.96/28}"
PORTS = "{ftp, smtp, http, https, pop3}"
pass in on xl0 proto tcp from any to $SERVERS port = $PORTS flags S/SA
keep state
With these variables will PF optimize this example for skip-steps in the
most efficient way?
Yes, PF will optimize with skip steps.
But with "large number of IP's", tables will be much more efficient.
Cedric
