Marcos Bedinelli wrote:
Hi Julian,
On 10-Feb-06, at 14:54, Julian Elischer wrote:
I have found that most people can optimise their ipfw rulesets
considerably.
for example: a first rule of:
1 allow ip from any to any in recv {inside interface}
2 allow ip from any to any out xmit {inside interface}
will cut your ipfw load by 50% immediately.
(you should only be filtering on one interface usually)
use 'skipto' rules to immediately send incoming and outgoing data to
different rule sets.
etc.
(If you want to privately send me your ruleset I can probably help you
do this)
julian
Thank you very much for your input and kind offer.
Not long ago I removed the entire ruleset on that machine and the
impact was minimal (i.e., CPU utilization was still above 98%).
yes but throughput probably went up ;-)
Nevertheless, I am sure my ruleset can benefit from some polishing. I
would like to take the liberty of writing to you in the future to
exchange some ideas, provided you have no objections.
whenever you would like to ..
Thanks!
--
Marcos
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
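
An added illustration, not part of the thread and not ipfw itself: a simplified first-match model in Python that counts how many rules a forwarded packet is compared against with a flat ruleset, with the two early inside-interface rules quoted above, and with 'skipto' splitting inbound and outbound rules. The interface names em0/em1, the 20 blocked ports and the rule numbers are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    num: int
    action: str               # "allow", "deny" or "skipto"
    direction: str = None     # "in", "out", or None for either
    iface: str = None         # interface name, or None for any
    dport: int = None         # destination port, or None for any
    target: int = 0           # rule number to jump to (skipto only)

    def matches(self, direction, iface, dport):
        return (self.direction in (None, direction) and self.iface in (None, iface)
                and self.dport in (None, dport))

def walk(rules, direction, iface, dport):
    """One pass through the ruleset: return (verdict, rules examined)."""
    rules = sorted(rules, key=lambda r: r.num)
    examined = i = 0
    while i < len(rules):
        rule, examined = rules[i], examined + 1
        if not rule.matches(direction, iface, dport):
            i += 1
        elif rule.action == "skipto":
            # resume at the first rule numbered >= target
            i = next((j for j, r in enumerate(rules) if r.num >= rule.target), len(rules))
        else:
            return rule.action, examined
    return "deny", examined   # model default when nothing matches

def forwarded(rules, in_if, out_if, dport):
    """A routed packet is checked inbound on in_if, then outbound on out_if."""
    verdict, cost = walk(rules, "in", in_if, dport)
    if verdict == "allow":
        verdict, more = walk(rules, "out", out_if, dport)
        cost += more
    return verdict, cost

INSIDE, OUTSIDE = "em1", "em0"    # assumed interface names
PORTS = range(6000, 6020)         # constructed: 20 blocked ports
IN_F = [Rule(1000 + k, "deny", "in", OUTSIDE, p) for k, p in enumerate(PORTS)]
OUT_F = [Rule(2000 + k, "deny", "out", OUTSIDE, p) for k, p in enumerate(PORTS)]
FLAT = IN_F + OUT_F + [Rule(65000, "allow")]
EARLY = [Rule(1, "allow", "in", INSIDE), Rule(2, "allow", "out", INSIDE)] + FLAT
SPLIT = EARLY[:2] + [Rule(3, "skipto", "in", OUTSIDE, target=1000),
                     Rule(4, "skipto", "out", OUTSIDE, target=2000)
                     ] + IN_F + [Rule(1999, "allow")] + OUT_F + [Rule(2999, "allow")]

if __name__ == "__main__":
    for name, rs in (("flat", FLAT), ("early", EARLY), ("split", SPLIT)):
        print(name, forwarded(rs, INSIDE, OUTSIDE, 80), forwarded(rs, OUTSIDE, INSIDE, 6005))
```

The early rules exempt the inside interface from every later rule, so the verdicts stay identical across the three rulesets only because all filtering here is written against the outside interface.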