Date: Thu, 16 Sep 2004 03:52:37 -0000
From: James Quick <jq@quick.com>
To: Max Laier <max@love2party.net>
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Question about tables vs. lists.
Message-ID: <73B4DAB7-F421-11D7-B179-003065C496DC@quick.com>
In-Reply-To: <99173910970.20030929180707@love2party.net>
References: <18E25BB4-F287-11D7-ADF9-003065C496DC@quick.com>
 <143167915309.20030929162711@love2party.net>
 <7F0E43BA-F291-11D7-B179-003065C496DC@quick.com>
 <99173910970.20030929180707@love2party.net>

Hi Max,

Thanks for responding.

On Sep 29, 2003, at 12:07 PM, Max Laier wrote:

> I prefer lists over tables when I have a small set of stable hosts or
> nets that I want to filter (=block). The reason for that is, that I
> somewhat "hardcode" it into my ruleset and that I can get per host
> output from pflog. I use tables only where I want a manageable solution
> and have fairly many addresses.

I'm not sure I understand what you mean by this statement. If you meant
pfctl instead of pflog then it makes sense to me. Given two rules, one of
which uses a table, and another which uses a list, wouldn't the stream of
tcpdump packets written to the pflog device be the same except for rule
number? If you really did mean pflog, could you please elaborate?

> However, I don't believe that you will see much difference between a
> table- or list-powered ruleset for 10-20 addresses. Choose whatever
> approach is the more comfortable for you.

I did a lot of playing around, and you're right, performance does not
seem to be an issue. Thanks for the confirmation. I just wanted to be
sure that I wasn't going to step in anything later.