ipfw Table Organization

Tim Daneliuk tundra at tundraware.com
Tue Aug 24 21:45:31 UTC 2021


Is there any particular advantage - performance or otherwise - to breaking up
a large ipfw table into smaller tables?

We have a few firewalls approaching 100,000 rules for blocking addresses
and CIDR blocks.  The IPs are read from separate text files in a loop
in the firewall init code, but are all written to a single table.  This
is easy to maintain, but the concern is that we may be clobbering runtime
performance.

Thanks...


More information about the freebsd-questions mailing list