> No, this is completely reasonable now that I understand what it is you're
> proposing.  Even the memory footprint is minimal if pointers to the
> actual rules is all we store in the per interface list, my largest set
> duplicated over 8 interfaces would only be 3200 rules.  Stored as

I'd be curious to know what your 400-rule set looks like, what is
the longest search path through that ruleset, and whether that
ruleset could be made more efficient to run by implementing some
kind of switch() statement (e.g. for selecting based on interfaces),
or hash tables (e.g. you want to allow/deny to a list of random

  Luigi RIZZO, [EMAIL PROTECTED]  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
