From owner-freebsd-net@FreeBSD.ORG  Fri Nov 14 20:49:50 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1C093106564A;
	Fri, 14 Nov 2008 20:49:50 +0000 (UTC)
	(envelope-from prvs=julian=1973cfe30@elischer.org)
Received: from smtp-outbound.ironport.com (smtp-outbound.ironport.com
	[63.251.108.112])
	by mx1.freebsd.org (Postfix) with ESMTP id 03F568FC08;
	Fri, 14 Nov 2008 20:49:49 +0000 (UTC)
	(envelope-from prvs=julian=1973cfe30@elischer.org)
Received: from jelischer-laptop.sfo.ironport.com (HELO
	julian-mac.elischer.org) ([10.251.22.38])
	by smtp-outbound.ironport.com with ESMTP; 14 Nov 2008 12:49:50 -0800
Message-ID: <491DE46D.8070205@elischer.org>
Date: Fri, 14 Nov 2008 12:49:49 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
MIME-Version: 1.0
To: Doug Barton <dougb@FreeBSD.org>
References: <491CD94F.3020207@elischer.org>	<20081114133913.K70117@sola.nimnet.asn.au>	<491D375D.1070809@elischer.org>	<20081114211043.W54700@delplex.bde.org>
	<491DC07B.6070304@elischer.org> <491DDA7F.1040004@FreeBSD.org>
In-Reply-To: <491DDA7F.1040004@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Net <freebsd-net@FreeBSD.org>, ipfw@FreeBSD.org,
	Ian Smith <smithi@nimnet.asn.au>
Subject: Re: rc.firewall quick change
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2008 20:49:50 -0000

Doug Barton wrote:
> Julian Elischer wrote:
>> I think the table is faster for mor ethan about 8 addresses (so we
>> are borderline) but it's be hard to test..  You however use two rules
>> so that would be slower.
> 
> I'm not a firewall expert so I won't comment on the specifics but I do
> want to say that as a general rule "it works + fast/efficient" is MUCH
> more important for default settings than "it works really well" or "it
> works + more features." For better or worse we live in a world where
> most users don't read the manuals, and that includes the ones running
> "benchmarks" with default settings.

I think the change is better from the point of view that it is easier 
to read (for me) and behaves better.

> 
> OTOH I do think it would be entirely appropriate to include a "better"
> example commented out next to the "fast" default. I take a similar
> approach with the default named.conf and have had good feedback from
> users who appreciate pointers to more information when they actually
> do get curious.
> 
> 
> hth,
> 
> Doug
>