Date:      Tue, 11 Nov 2003 19:31:11 -0500
From:      Haesu <haesu@towardex.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: loading lot of rules takes very long time
Message-ID:  <20031112003111.GA74121@scylla.towardex.com>
In-Reply-To: <3FAFB5C0.6070509@tenebras.com>
References:  <20031110080053.5A99543F3F@mx1.FreeBSD.org> <3FAFB5C0.6070509@tenebras.com>

30,000 rules? I hope you are only using one_pass in sysctl var or making good
use of skipto after packet passes thru the queue or other measures... 

I want to see how much pps you can put up with vanilla 30k rules :( Besides, good
luck if someone DoSes an IP that goes thru long searches..

-hc

-- 
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867     | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033      | POC: HAESU-ARIN

On Mon, Nov 10, 2003 at 07:58:56AM -0800, Michael Sierchio wrote:
> Artis Caune wrote:
> 
> >So I believe our rules design is not ok, but we can
> >do nothing about it!
> 
> Because you need the eggs?
> 
> >ipfw needs about 25-35min to load 30000 rules.
> 
> 30000?  I'm suspicious of any ruleset with more than 300.
> I suppose if this is just an academic exercise, have fun.