Date: Tue, 11 Nov 2003 19:31:11 -0500
From: Haesu <haesu@towardex.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: loading lot of rules takes very long time
Message-ID: <20031112003111.GA74121@scylla.towardex.com>
In-Reply-To: <3FAFB5C0.6070509@tenebras.com>
References: <20031110080053.5A99543F3F@mx1.FreeBSD.org> <3FAFB5C0.6070509@tenebras.com>

30,000 rules? I hope you are only using one_pass in sysctl var or making good
use of skipto after packet passes thru the queue or other measures... I want to
see how much pps you can put up with vanilla 30k rules :(

Besides, good luck if someone DoSes an IP that goes thru long searches..

-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

On Mon, Nov 10, 2003 at 07:58:56AM -0800, Michael Sierchio wrote:
> Artis Caune wrote:
>
> >So I believe our rules design is not ok, but we can
> >do nothing about it!
>
> Because you need the eggs?
>
> >ipfw needs about 25-35min to load 30000 rules.
>
> 30000? I'm suspicious of any ruleset with more than 300.
> I suppose if this is just an academic exercise, have fun.