On Sat, Jun 07, 2008 at 11:16:30AM +0200, Martin Toft wrote:
> Just a wild guess -- maybe the pf optimizer substitutes the six
> addresses with 192.168.1.0/29?
Sorry for sending so many mails, but I just want to correct myself
before somebody else does. Your six addresses are probably not
substituted with the network above. It is more reasonable to believe
that the pf optimzer have put your six addresses into a table as hinted
i pf.conf(5):
$ man pf.conf | grep -B 8 -A 1 'combine multiple'
set ruleset-optimization
none Disable the ruleset optimizer.
basic Enable basic ruleset optimization. This is the default
behaviour. Basic ruleset optimization does four things
to improve the performance of ruleset evaluations:
1. remove duplicate rules
2. remove rules that are a subset of another rule
3. combine multiple rules into a table when advanta-
geous
Martin
