Date: Wed, 19 Mar 2008 13:40:21 -0700 From: Julian Elischer <julian@elischer.org> To: Freddie Cash <fjwcash@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: Separate rules for each port, or one for all ports? Message-ID: <47E17A35.8030004@elischer.org> In-Reply-To: <200803191332.01878.fjwcash@gmail.com> References: <200803191332.01878.fjwcash@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Freddie Cash wrote: > I'm just curious if there is any information available on how quickly ipfw > processes rules, and whether or not a long list of ports in a single rule > makes things faster or slower? > > Just curious if there is a big difference between: > > ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0 > > and > > ipfw add allow tcp from any to me 22 in recv fxp0 > ipfw add allow tcp from any to me 25 in recv fxp0 > ipfw add allow tcp from any to me 80 in recv fxp0 > ipfw add allow tcp from any to me 110 in recv fxp0 > ipfw add allow tcp from any to me 143 in recv fxp0 > ipfw add allow tcp from any to me 443 in recv fxp0 > ipfw add allow tcp from any to me 10000 in recv fxp0 > > Other than the ability to track traffic through each port, of course. > the first is faster.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47E17A35.8030004>