IPFW MAX RULES COUNT PERFORMANCE
Anatoliy.Poloz
Anatoliy.Poloz at onetelecom.od.ua
Fri Apr 24 17:15:20 UTC 2009
Bill Moran wrote:
> In response to Daniel Dias Gonçalves <ddg at yan.com.br>:
>
>> Very good thinking, congratulations, but my need is another.
>> The objective is a Captive Porrtal that each authentication is
>> dynamically created a rule to ALLOW or COUNT IP authenticated, which I'm
>> testing is what is the maximum capacity of rules supported, therefore
>> simultaneous user.
>>
>> Understand ?
>
> If you're only doing allow, then you'd be better off using a table,
> which has much better performance than a bunch of separate rules.
>
> If you're counting packets, I don't know if that approach will work
> or not.
>
if u need to count ip traffic for all clients u can use sipmple and more
performance rule set, like this one:
LOCAL_NET=192.168.0.0/24
ipfw pipe 100 config bw 0 mask src-ip 0xffffffff
ipfw pipe 100 config bw 0 mask dst-ip 0xffffffff
ipfw add 100 pipe 100 ip from ${LOCAL_NET} to any out
ipfw add 200 pipe 200 ip from any to ${LOCAL_NET} in
More information about the freebsd-net
mailing list