From owner-freebsd-net@FreeBSD.ORG  Wed Mar 19 20:40:22 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 29A261065671
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 20:40:22 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outO.internet-mail-service.net (outO.internet-mail-service.net
	[216.240.47.238])
	by mx1.freebsd.org (Postfix) with ESMTP id 0F56F8FC29
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 20:40:22 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160)
	by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP;
	Wed, 19 Mar 2008 13:40:24 -0700
Received: from julian-mac.elischer.org (localhost [127.0.0.1])
	by idiom.com (Postfix) with ESMTP id 700592D6015;
	Wed, 19 Mar 2008 13:40:21 -0700 (PDT)
Message-ID: <47E17A35.8030004@elischer.org>
Date: Wed, 19 Mar 2008 13:40:21 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213)
MIME-Version: 1.0
To: Freddie Cash <fjwcash@gmail.com>
References: <200803191332.01878.fjwcash@gmail.com>
In-Reply-To: <200803191332.01878.fjwcash@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: Separate rules for each port, or one for all ports?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2008 20:40:22 -0000

Freddie Cash wrote:
> I'm just curious if there is any information available on how quickly ipfw 
> processes rules, and whether or not a long list of ports in a single rule 
> makes things faster or slower?
> 
> Just curious if there is a big difference between:
> 
> ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0
> 
> and
> 
> ipfw add allow tcp from any to me 22    in recv fxp0
> ipfw add allow tcp from any to me 25    in recv fxp0
> ipfw add allow tcp from any to me 80    in recv fxp0
> ipfw add allow tcp from any to me 110   in recv fxp0
> ipfw add allow tcp from any to me 143   in recv fxp0
> ipfw add allow tcp from any to me 443   in recv fxp0
> ipfw add allow tcp from any to me 10000 in recv fxp0
> 
> Other than the ability to track traffic through each port, of course.
> 


the first is faster.