loading lot of rules takes very long time
Haesu
haesu at towardex.com
Tue Nov 11 16:30:48 PST 2003
30,000 rules? I hope you are only using one_pass in sysctl var or making good
use of skipto after packet passes thru the queue or other measures...
I want to see how much pps you can put up with vanilla 30k rules :( Besides, good
luck if someone DoSes an IP that goes thru long searches..
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN
On Mon, Nov 10, 2003 at 07:58:56AM -0800, Michael Sierchio wrote:
> Artis Caune wrote:
>
> >So I believe our rules design is not ok, but we can
> >do nothing about it!
>
> Because you need the eggs?
>
> >ipfw needs about 25-35min to load 30000 rules.
>
> 30000? I'm suspicious of any ruleset with more than 300.
> I suppose if this is just an academic exercise, have fun.
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
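
An added illustration (not part of the original thread) of the point about long searches: a toy Python model of ipfw's in-order, first-match rule walk, counting how many rules one packet examines in a flat 30,000-rule list versus the same hosts grouped behind skipto rules. The addresses, rule numbers and the /24 grouping are constructed for the example.

```python
# Toy model of an in-order, first-match rule walk (not ipfw's own code).
# Rule tuple: (number, net, mask, action, skipto_target). All values constructed.
from bisect import bisect_left

BASE = 10 << 24                               # 10.0.0.0
HOSTS = [BASE + i for i in range(30000)]      # constructed: 30,000 permitted hosts
HOST_MASK, NET24_MASK = 0xFFFFFFFF, 0xFFFFFF00

def flat_ruleset(hosts):
    """One 'allow' rule per host, then a final deny."""
    rules = [(n, h, HOST_MASK, "allow", None) for n, h in enumerate(hosts, 1)]
    return rules + [(65535, 0, 0, "deny", None)]

def skipto_ruleset(hosts):
    """Dispatch tier: one skipto per /24, each jumping to that /24's block."""
    nets = sorted({h & NET24_MASK for h in hosts})
    start = {net: 1000 + k * 300 for k, net in enumerate(nets)}
    rules = [(k, net, NET24_MASK, "skipto", start[net])
             for k, net in enumerate(nets, 1)]
    rules.append((len(nets) + 1, 0, 0, "deny", None))   # destination in no known /24
    offset = dict.fromkeys(nets, 0)
    for h in hosts:
        net = h & NET24_MASK
        rules.append((start[net] + offset[net], h, HOST_MASK, "allow", None))
        offset[net] += 1
    # Close every block so a miss does not fall through into the next block.
    rules += [(start[net] + 256, 0, 0, "deny", None) for net in nets]
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, dst):
    """Return (verdict, rules_examined) for one packet addressed to dst."""
    numbers = [r[0] for r in rules]
    i = examined = 0
    while i < len(rules):
        _, net, mask, action, target = rules[i]
        examined += 1
        if (dst & mask) == net:
            if action != "skipto":
                return action, examined
            i = bisect_left(numbers, target)   # jump forward to the target rule
            continue
        i += 1
    return "deny", examined

if __name__ == "__main__":
    last_host, miss = HOSTS[-1], BASE + 117 * 256 + 200   # miss: unlisted address
    for name, rs in (("flat", flat_ruleset(HOSTS)), ("skipto", skipto_ruleset(HOSTS))):
        print(name, evaluate(rs, last_host), evaluate(rs, miss))
```

The verdicts are identical in both layouts; only the per-packet search length changes, which is what matters when traffic is aimed at an address deep in (or absent from) the list.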