ipfw Table Organization
Tim Daneliuk
tundra at tundraware.com
Tue Aug 24 21:45:31 UTC 2021
Is there any particular advantage - performance or otherwise - to breaking up
a large ipfw table into smaller tables?
We have a few firewalls approaching 100,000 rules for blocking addresses
and CIDR blocks. The IPS are read from separate text files in a loop
in the firewall init code, but are all written to a single table. This
is easy to maintain, but the concern is that we may be clobbering runtime
performance.
Thanks...
More information about the freebsd-questions
mailing list