rc.firewall quick change

Julian Elischer julian at elischer.org
Fri Nov 14 12:49:50 PST 2008


Doug Barton wrote:
> Julian Elischer wrote:
>> I think the table is faster for more than about 8 addresses (so we
>> are borderline) but it'd be hard to test.  You however use two rules
>> so that would be slower.
> 
> I'm not a firewall expert so I won't comment on the specifics but I do
> want to say that as a general rule "it works + fast/efficient" is MUCH
> more important for default settings than "it works really well" or "it
> works + more features." For better or worse we live in a world where
> most users don't read the manuals, and that includes the ones running
> "benchmarks" with default settings.

I think the change is better from the point of view that it is easier 
to read (for me) and behaves better.

> 
> OTOH I do think it would be entirely appropriate to include a "better"
> example commented out next to the "fast" default. I take a similar
> approach with the default named.conf and have had good feedback from
> users who appreciate pointers to more information when they actually
> do get curious.
> 
> 
> hth,
> 
> Doug
> 



More information about the freebsd-ipfw mailing list