Date: Thu, 01 Feb 1996 23:52:39 +0100 From: Poul-Henning Kamp <phk@critter.tfs.com> To: Nate Williams <nate@sri.MT.net> Cc: michael butler <imb@scgt.oz.au>, current@freebsd.org Subject: Re: ip_fw ordering of rules.. Message-ID: <1196.823215159@critter.tfs.com> In-Reply-To: Your message of "Thu, 01 Feb 1996 14:57:18 MST." <199602012157.OAA21193@rocky.sri.MT.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > > It is always a singled linked list anyway... > > > > > > > > Ugh ! Then there'll be no disadvantage in removing the "sort" :-) > > > > > > Except that supposedly it 'orders' things so that the most common rules > > > (or what it thinks should be most common) will be found at the top, thus > > > making it faster since you don't have to walk the entire tree. > > > > Well, I suggest you look at the ordering then, that is most > > certainly >NOT< what the code does. > > That's what it's supposed to do. I guess it depends on what you think > should be the most 'common' rules. :) It basically sorts so that the rule covering most addresses come first. It doesn't look at deny/pass in that context, so if you say: deny some specific port allow the rest It will come out as: allow everything a deny rule never used. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1196.823215159>