Message-Id: <200008170516.XAA09705@harmony.village.org>
To: Mike Silbersack
Subject: Re: [Q] why does my firewall degrade Web performance?
Cc: David May, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 16 Aug 2000 18:29:11 CDT."
Date: Wed, 16 Aug 2000 23:16:27 -0600
From: Warner Losh

In message Mike Silbersack writes:
:
: On Wed, 16 Aug 2000, David May wrote:
:
: > The firewall machine CPU load is always light. It is a Pentium II Celeron
: > 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000),
: > and around 180 ipfw rules.
:
: I'm not sure how fast/slow ipfw is, but 180 rules sounds like a
: LOT. Could you get by with a few less? (Or at least try the setup with
: no rules and the firewall box just running as a pure router.)

180 is about normal for having multiple cards. 300MHz should be
plenty fast enough.

Warner