New pf install on Freebsd7 seem to be a slow starter.
Jeremy Chadwick
koitsu at FreeBSD.org
Thu Jul 17 12:55:40 UTC 2008
On Thu, Jul 17, 2008 at 08:15:03AM -0400, Glen Barber wrote:
> Hi. I'm just curious why you decided to use a table for this. I have
> done something similar (disallowing access to certain domains) using
> macros as follows:
>
> deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
>
> and didn't notice 'slowness' at boot. This was on a 6.3-RELEASE box,
> if that matters.
I don't think it matters if the entries are in a table or in a macro.
Chances are whatever resolver you're using (e.g. an ISPs DNS server, or
something upstream, versus named on the same box) had all of those
entries cached, or has very good overall response time for DNS lookups.
In the case of the OP, I believe he runs his own named.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-pf
mailing list