[pf4freebsd] Re: Question about tables vs. lists.

Max Laier max at love2party.net
Wed Sep 15 20:52:47 PDT 2004


Hello James,

Wednesday, October 1, 2003, 5:10:54 PM, you wrote:
>> I prefer lists over tables when I have a small set of stable hosts or
>> nets that I want to filter (=block). The reason for that is that I
>> somewhat "hardcode" it into my ruleset and that I can get per-host
>> output from pflog. I use tables only where I want a manageable solution
>> and have fairly many addresses.

JQ> I'm not sure I understand what you mean by this statement.
JQ> If you meant pfctl instead of pflog then it makes sense to me.
JQ> Given two rules one of which uses a table, and another which
JQ> uses a list, wouldn't the stream of tcpdump packets written to
JQ> the pflog device be the same except for rule number?

JQ> If you really did mean pflog could you please elaborate?

Both! You are right, the difference for pfctl is much more visible, but
the different rule number on pflog output is something I like nonetheless.

>> However, I don't believe that you will see much difference between a
>> table- or list-powered ruleset for 10-20 addresses. Choose whatever
>> approach is the more comfortable for you.

JQ> I did a lot of playing around, and you're right, performance does
JQ> not seem to be an issue. Thanks for the confirmation.  I just
JQ> wanted to be sure that I wasn't going to step in anything later.

Did you do proper benchmarks? That would be really valuable information.
However, the above stands: there is (theoretically) not much difference
between the two options.

-- 
Best regards,
 Max                            mailto:max at love2party.net
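As an added illustration of the list-versus-table distinction discussed in this thread (this is an example written for this page, not configuration posted by Max or James), the pf.conf fragment below expresses the same blocked set both ways. The interface name in the $ext_if macro is an assumption, and the addresses are constructed from the RFC 5737 documentation ranges.

```pf
ext_if = "em0"   # assumed interface name, not from the thread

# List form: pfctl expands the braces into one rule per address when the
# ruleset is loaded, so every host gets its own rule number and pflog
# output identifies the host by that number (the per-host visibility
# described above). Changing the set means editing and reloading pf.conf.
block in log quick on $ext_if from { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 } to any

# Table form: one rule whose matching set lives in the table. pflog reports
# the same rule number whichever entry matched, but the table can be
# modified at runtime with pfctl without reloading the ruleset.
table <blocked> persist { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 }
block in log quick on $ext_if from <blocked> to any
```

After loading, `pfctl -sr` prints the expanded ruleset (three rules from the list, one from the table) and `pfctl -vsr` adds per-rule packet and byte counters, which is where the difference is most visible from pfctl. `pfctl -t blocked -T show` lists the table's current entries and `pfctl -t blocked -T add 203.0.113.5` extends it without a reload. Reading the log with `tcpdump -n -e -ttt -i pflog0` shows the matching rule number on each line, so only the list form lets you tell the blocked hosts apart in pflog without inspecting the packet's source address.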
