rc.firewall quick change

Doug Barton dougb at FreeBSD.org
Fri Nov 14 12:34:10 PST 2008

Julian Elischer wrote:
> I think the table is faster for mor ethan about 8 addresses (so we
> are borderline) but it's be hard to test..  You however use two rules
> so that would be slower.

I'm not a firewall expert so I won't comment on the specifics but I do
want to say that as a general rule "it works + fast/efficient" is MUCH
more important for default settings than "it works really well" or "it
works + more features." For better or worse we live in a world where
most users don't read the manuals, and that includes the ones running
"benchmarks" with default settings.

OTOH I do think it would be entirely appropriate to include a "better"
example commented out next to the "fast" default. I take a similar
approach with the default named.conf and have had good feedback from
users who appreciate pointers to more information when they actually
do get curious.




    This .signature sanitized for your protection

More information about the freebsd-net mailing list