From owner-cvs-all Tue Feb 13 7:18:50 2001 Delivered-To: cvs-all@freebsd.org Received: from tao.org.uk (unknown [194.128.198.234]) by hub.freebsd.org (Postfix) with ESMTP id A93DD37B491; Tue, 13 Feb 2001 07:18:42 -0800 (PST) Received: by tao.org.uk (Postfix, from userid 100) id 8AE5D317C; Tue, 13 Feb 2001 15:18:41 +0000 (GMT) Date: Tue, 13 Feb 2001 15:18:40 +0000 From: Josef Karthauser To: Poul-Henning Kamp Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c Message-ID: <20010213151840.A622@tao.org.uk> References: <200102131412.f1DECdZ12064@freefall.freebsd.org> <51205.982073676@critter> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <51205.982073676@critter>; from phk@critter.freebsd.dk on Tue, Feb 13, 2001 at 03:14:36PM +0100 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Feb 13, 2001 at 03:14:36PM +0100, Poul-Henning Kamp wrote: > In message <200102131412.f1DECdZ12064@freefall.freebsd.org>, Poul-Henning Kamp > > The check is semi expensive (traverses the interface address list) > > so it should be protected as in the above example if high performance > > is a requirement. > > It would be more elegant to have multiple lists of ipfw rules: > One input list per interface > One output list per interface > One list for packets being forwarded > One list for packets arriving locally > One list for packets originating locally This I like. :) Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message