Date: Fri, 26 Apr 2013 19:49:59 +0200
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
To: Erich Weiler <weiler@soe.ucsc.edu>
Cc: freebsd-net@freebsd.org
Subject: Re: pf performance?
Message-ID: <201304261949.59317.vegeta@tuxpowered.net>
In-Reply-To: <5179B3BB.3070101@soe.ucsc.edu>
References: <5176E5C1.9090601@soe.ucsc.edu> <201304260021.11209.vegeta@tuxpowered.net> <5179B3BB.3070101@soe.ucsc.edu>

On Friday, 26 April 2013 at 00:52:43, Erich Weiler wrote:
> > How many pf rules do you have? And, as I asked in my previous post, do
> > you create states on both sides of the firewall?
>
> One interface has 12 rules and the other interface has one rule. We
> do create states on both sides.

That's not too many rules, but are you sure you also create states for
"postrouting" traffic? When you do "pass (quick) in on $public some other
conditions", you also should have a general "pass quick out on $internal" (and
vice versa), as close to the top of pf.conf, of course unless you need separate
pre and post routing pf filtering rules.

-- 
| pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'
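
The rule pairing described in this message, laid out as a pf.conf fragment. This is an added example, not part of the original e-mail or the poster's configuration; the interface names, the server address and the ports are constructed placeholders.

```pf
# Constructed example: em0/em1, 192.0.2.10 and the ports are placeholders.
public   = "em0"
internal = "em1"
web      = "192.0.2.10"

set skip on lo0

# Default policy; non-quick, so any quick rule below overrides it.
block log all

# Post-routing side, as close to the top as possible: one general
# stateful rule per interface. A forwarded packet is evaluated a second
# time when it leaves the firewall; with these rules that second pass
# creates a state on the first packet and later packets match the state
# without walking the filtering rules further down.
pass quick out on $internal keep state
pass quick out on $public   keep state

# Pre-routing side: the actual filtering policy, one state per
# accepted connection on the interface where it enters.
pass quick in on $public   proto tcp to $web port { 80 443 } keep state
pass quick in on $internal from $internal:network keep state
```

After loading, `pfctl -ss` lists the state table, so each forwarded connection can be checked for an entry on both the inbound and the outbound side.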