Date: Fri, 14 Nov 2008 12:49:49 -0800 From: Julian Elischer <julian@elischer.org> To: Doug Barton <dougb@FreeBSD.org> Cc: FreeBSD Net <freebsd-net@FreeBSD.org>, ipfw@FreeBSD.org, Ian Smith <smithi@nimnet.asn.au> Subject: Re: rc.firewall quick change Message-ID: <491DE46D.8070205@elischer.org> In-Reply-To: <491DDA7F.1040004@FreeBSD.org> References: <491CD94F.3020207@elischer.org> <20081114133913.K70117@sola.nimnet.asn.au> <491D375D.1070809@elischer.org> <20081114211043.W54700@delplex.bde.org> <491DC07B.6070304@elischer.org> <491DDA7F.1040004@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton wrote: > Julian Elischer wrote: >> I think the table is faster for mor ethan about 8 addresses (so we >> are borderline) but it's be hard to test.. You however use two rules >> so that would be slower. > > I'm not a firewall expert so I won't comment on the specifics but I do > want to say that as a general rule "it works + fast/efficient" is MUCH > more important for default settings than "it works really well" or "it > works + more features." For better or worse we live in a world where > most users don't read the manuals, and that includes the ones running > "benchmarks" with default settings. I think the change is better from the point of view that it is easier to read (for me) and behaves better. > > OTOH I do think it would be entirely appropriate to include a "better" > example commented out next to the "fast" default. I take a similar > approach with the default named.conf and have had good feedback from > users who appreciate pointers to more information when they actually > do get curious. > > > hth, > > Doug >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?491DE46D.8070205>