Separate rules for each port, or one for all ports?

Vadim Goncharov vadim_nuclight at mail.ru
Thu Mar 20 01:55:27 PDT 2008


Hi Freddie Cash! 

On Wed, 19 Mar 2008 13:32:01 -0700; Freddie Cash wrote about 'Separate rules for each port, or one for all ports?':

> I'm just curious if there is any information available on how quickly ipfw 
> processes rules, and whether or not a long list of ports in a single rule 
> makes things faster or slower?

> Just curious if there is a big difference between:

> ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0

> and

> ipfw add allow tcp from any to me 22    in recv fxp0
> ipfw add allow tcp from any to me 25    in recv fxp0
> ipfw add allow tcp from any to me 80    in recv fxp0
> ipfw add allow tcp from any to me 110   in recv fxp0
> ipfw add allow tcp from any to me 143   in recv fxp0
> ipfw add allow tcp from any to me 443   in recv fxp0
> ipfw add allow tcp from any to me 10000 in recv fxp0

> Other than the ability to track traffic through each port, of course.

The first becomes significantly faster when you have hundreds of rules.

-- 
WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight at mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
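As an added example (not part of the thread or of ipfw itself), a small Python lint that reads `ipfw list` output and reports runs of consecutive rules that differ only in destination port, i.e. rules that could be collapsed into the first form Freddie asked about. Because ipfw is first-match, only adjacent rules are merged (an intervening rule may already have matched the packet), and the sample ruleset plus the line format the regex expects are constructed assumptions.

```python
import re

# Constructed `ipfw list`-style output (hypothetical ruleset, not from the thread).
SAMPLE_RULESET = """\
00100 allow ip from any to any via lo0
00200 allow tcp from any to me 22 in recv fxp0
00210 allow tcp from any to me 25 in recv fxp0
00220 allow tcp from any to me 80 in recv fxp0
00230 allow tcp from any to me 443 in recv fxp0
00300 deny tcp from 10.0.0.0/8 to me 8080 in recv fxp0
00310 allow tcp from any to me 10000 in recv fxp0
00400 allow udp from any to me 53 in recv fxp0
65535 deny ip from any to any
"""

# Assumed line shape: "<num> <action> <proto> from <src> [sports] to <dst> [dports] <rest>".
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)"
    r"(?:\s+(?P<sport>\d[\d,-]*))?\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dport>\d[\d,-]*))?(?P<rest>.*)$"
)

def parse_rules(text):
    """Parse rule lines into dicts; lines that do not fit the shape are skipped."""
    return [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]

def _key(r):
    # Everything except the destination port must be identical for a safe merge.
    return (r["action"], r["proto"], r["src"], r["sport"], r["dst"], r["rest"])

def _render(run):
    r = run[0]
    sport = f" {r['sport']}" if r["sport"] else ""
    ports = ",".join(x["dport"] for x in run)
    return f"{r['action']} {r['proto']} from {r['src']}{sport} to {r['dst']} {ports}{r['rest']}"

def mergeable_runs(text, min_run=2):
    """Return (first_num, last_num, merged_rule) for each run of adjacent mergeable rules."""
    merged, run = [], []
    for r in parse_rules(text) + [None]:  # None is a sentinel that flushes the last run
        if r is not None and r["dport"] and run and _key(r) == _key(run[0]):
            run.append(r)
            continue
        if len(run) >= min_run:
            merged.append((run[0]["num"], run[-1]["num"], _render(run)))
        run = [r] if r is not None and r["dport"] else []  # a port-less rule ends any run
    return merged

if __name__ == "__main__":
    for first, last, rule in mergeable_runs(SAMPLE_RULESET):
        print(f"rules {first}-{last} could become: ipfw add {rule}")
```

Rule 00300 breaks the run, so 00310 is correctly left alone even though it matches the rest of the 00200 group; merging it would move the port-10000 check ahead of the deny.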