From: "Glen Barber"
To: freebsd-pf@freebsd.org
Date: Thu, 17 Jul 2008 09:00:01 -0400
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

On Thu, Jul 17, 2008 at 8:55 AM, Jeremy Chadwick wrote:
> On Thu, Jul 17, 2008 at 08:15:03AM -0400, Glen Barber wrote:
>> Hi. I'm just curious why you decided to use a table for this. I have
>> done something similar (disallowing access to certain domains) using
>> macros as follows:
>>
>> deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
>>
>> and didn't notice 'slowness' at boot. This was on a 6.3-RELEASE box,
>> if that matters.
>
> I don't think it matters if the entries are in a table or in a macro.
>
> Chances are whatever resolver you're using (e.g. an ISP's DNS server, or
> something upstream, versus named on the same box) had all of those
> entries cached, or has very good overall response time for DNS lookups.
> In the case of the OP, I believe he runs his own named.
>

I was under the assumption the OP runs his own DNS server, as that is
how my machine was set up.

Regards,

-- 
Glen Barber
http://www.dev-urandom.com/