Date: Wed, 9 Jan 2002 13:06:33 +0100
From: "Heimes, Rene" <rh@com-con.net>
To: <freebsd-questions@freebsd.org>
Subject: AW: firewalling with ipfw
Message-ID: <F54B610C5BFDE546BBA2F6CC595ACC75084A0B@exchange2000>

>> so there is no possibility of grouping IPs that should match a special
>> ruleset, if they cannot be treated as a "subnet"?
>> can I perform this action with ipf? can someone point me to a good HOWTO
>> for that?
>>
>IP Filter also can't do it for you. Probably you should tell us your task,
>because I can't really understand the need for such a firewall feature.

OK, let's try...

There is one half Class-C network (out of 16 others....)
There are several groups of servers and workstations with different
inbound/outbound rulesets:

- Webservers
- Application Servers
- Full Access Workstations
- Restricted Access Workstations
and finally
- No Access Workstations

Each group matches to non-coherent IP addresses.
Right now, because I wrote each ruleset for almost every single IP, there
is a 70k large rc.firewall file that affects system throughput heavily.

That's my problem - understandable now?
How can I make this file smaller? How can I aggregate rulesets and IPs???

TIA
René