From owner-freebsd-net@FreeBSD.ORG  Wed Mar 19 20:32:11 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B32AA1065675
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 20:32:11 +0000 (UTC)
	(envelope-from fjwcash@gmail.com)
Received: from smtp.sd73.bc.ca (smtp.sd73.bc.ca [142.24.13.140])
	by mx1.freebsd.org (Postfix) with ESMTP id 90D328FC12
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 20:32:11 +0000 (UTC)
	(envelope-from fjwcash@gmail.com)
Received: from localhost (localhost [127.0.0.1])
	by localhost.sd73.bc.ca (Postfix) with ESMTP id 0E3F91A000B1B
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 13:32:10 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at smtp.sd73.bc.ca
Received: from smtp.sd73.bc.ca ([127.0.0.1])
	by localhost (smtp.sd73.bc.ca [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id pKq5N4Zenb6H for <freebsd-net@freebsd.org>;
	Wed, 19 Mar 2008 13:32:02 -0700 (PDT)
Received: from coal.local (s10.sbo [192.168.0.10])
	by smtp.sd73.bc.ca (Postfix) with ESMTP id D6EE71A000B32
	for <freebsd-net@freebsd.org>; Wed, 19 Mar 2008 13:32:02 -0700 (PDT)
From: Freddie Cash <fjwcash@gmail.com>
Organization: School District 73
To: freebsd-net@freebsd.org
Date: Wed, 19 Mar 2008 13:32:01 -0700
User-Agent: KMail/1.9.7
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200803191332.01878.fjwcash@gmail.com>
Subject: Separate rules for each port, or one for all ports?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2008 20:32:11 -0000

I'm just curious if there is any information available on how quickly ipfw 
processes rules, and whether or not a long list of ports in a single rule 
makes things faster or slower?

Just curious if there is a big difference between:

ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0

and

ipfw add allow tcp from any to me 22    in recv fxp0
ipfw add allow tcp from any to me 25    in recv fxp0
ipfw add allow tcp from any to me 80    in recv fxp0
ipfw add allow tcp from any to me 110   in recv fxp0
ipfw add allow tcp from any to me 143   in recv fxp0
ipfw add allow tcp from any to me 443   in recv fxp0
ipfw add allow tcp from any to me 10000 in recv fxp0

Other than the ability to track traffic through each port, of course.

-- 
Freddie Cash
fjwcash@gmail.com