ipfw & skipto.... confused a bit...

Chris Knipe savage at savage.za.org
Fri Aug 13 03:47:02 PDT 2004


----- Original Message ----- 
From: "Pawel Malachowski" <pawmal-posting at freebsd.lublin.pl>
To: "Chris Knipe" <savage at savage.za.org>
Cc: <freebsd-ipfw at freebsd.org>
Sent: Friday, August 13, 2004 12:06 PM
Subject: Re: ipfw & skipto.... confused a bit...


> Almost ~64k rules ruleset is weird.


It's mainly a lot of rules due to per IP and per Port (as well as
combinations) used for traffic accounting...  So most of it is ipfw
count.... The number of rules will therefore also directly depend on the
number of hosts on the network, as well as the actual configuration.

We're kinda working on a hardware based Layer 7 firewall (using divert
sockets) to kill P2P.  Obviously, FreeBSD is my desired choice of OS.
Traffic accounting and stats are a crucial part of the system.  I mean, we
must give end-users some nice fancy graphs to look at now, don't we? ;)

And yes, I was not quite accurate on my numbers.  After closer inspection, I
saw that my rule blocks jump from 20000 to 60000 so a lot is skipped.
10000-20000 is mainly reserved for accounting, and then 60000 for queues.  I
have moved this down to lower levels now to make the tables smaller.

Thanks for all the replies... It's much appreciated

--
Chris.
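The layout described in the message above (a per-host accounting block of ipfw count rules, followed by a skipto into a queue block), as an added illustration that is not Chris's actual ruleset or anything from the FreeBSD project. The script only prints the ipfw(8) commands it would run, so it can be inspected without touching a live firewall; the host addresses and rule-number bases are constructed for the example.

```sh
#!/bin/sh
# Constructed example: lay out an ipfw ruleset with a compact accounting block
# (count rules, two per host) that ends in a skipto straight into the queue
# block, so there is no large empty range between the two.  The functions
# print the ipfw(8) commands rather than executing them.

ACCT_BASE=10000   # first rule number of the accounting block (assumption)
QUEUE_BASE=60000  # first rule number of the queue block (assumption)

# acct_rules HOST... : emit one "count" rule per direction for every host,
# numbered consecutively from ACCT_BASE, then a skipto to the queue block.
acct_rules() {
    n=$ACCT_BASE
    for host in "$@"; do
        echo "ipfw add $n count ip from $host to any"
        n=$((n + 1))
        echo "ipfw add $n count ip from any to $host"
        n=$((n + 1))
    done
    # count rules never terminate the search, so the packet reaches this
    # rule and jumps over whatever lies between the blocks
    echo "ipfw add $n skipto $QUEUE_BASE ip from any to any"
}

# acct_last_rule HOST... : return the number the skipto rule would get,
# i.e. ACCT_BASE plus two rules per host.
acct_last_rule() {
    echo $((ACCT_BASE + 2 * $#))
}

# queue_rules : emit a minimal queue block at QUEUE_BASE using a single
# dummynet pipe (bandwidth value is a constructed placeholder).
queue_rules() {
    echo "ipfw pipe 1 config bw 512Kbit/s"
    echo "ipfw add $QUEUE_BASE pipe 1 ip from any to any"
    echo "ipfw add $((QUEUE_BASE + 1)) allow ip from any to any"
}

# Dry run with two constructed hosts from the documentation range.
acct_rules 192.0.2.1 192.0.2.2
queue_rules
```

Running the script prints the rules for both hosts (10000 to 10003), the skipto at 10004 pointing at 60000, and the queue block; to apply it for real you would pipe the output to sh after checking the numbering fits your own allocation.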
