From: Vadim Goncharov
To: freebsd-net@freebsd.org
Date: Thu, 20 Mar 2008 08:55:16 +0000 (UTC)
Subject: Re: Separate rules for each port, or one for all ports?

Hi Freddie Cash!

On Wed, 19 Mar 2008 13:32:01 -0700; Freddie Cash wrote about 'Separate rules for each port, or one for all ports?':

> I'm just curious if there is any information available on how quickly ipfw
> processes rules, and whether or not a long list of ports in a single rule
> makes things faster or slower?
>
> Just curious if there is a big difference between:
>   ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0
>
> and
>   ipfw add allow tcp from any to me 22 in recv fxp0
>   ipfw add allow tcp from any to me 25 in recv fxp0
>   ipfw add allow tcp from any to me 80 in recv fxp0
>   ipfw add allow tcp from any to me 110 in recv fxp0
>   ipfw add allow tcp from any to me 143 in recv fxp0
>   ipfw add allow tcp from any to me 443 in recv fxp0
>   ipfw add allow tcp from any to me 10000 in recv fxp0
>
> Other than the ability to track traffic through each port, of course.

The first becomes significantly faster when you have hundreds of rules.

-- 
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
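
As an added example (not part of the original message and not ipfw's own tooling), this sh/awk helper rewrites a ruleset of the second form into the first by merging adjacent rules that differ only in the destination port. Merging gives up the per-port counters the question mentions. It assumes every rule has the shape quoted in the thread; the function name merge_port_rules is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: merge adjacent ipfw rules that differ
# only in destination port into one rule with a comma-separated port list.
# Assumed rule shape (as quoted in the thread):
#   ipfw add <action> <proto> from any to me <port> [options...]
# Only adjacent rules are merged, so first-match order is preserved.
merge_port_rules() {  # hypothetical helper name
    awk '
    function emit() {
        if (key != "") print head " " ports tail
        key = ""
    }
    {
        # In the assumed shape, field 9 holds the destination port(s).
        if (NF >= 9 && $1 == "ipfw" && $2 == "add" && $5 == "from" &&
            $7 == "to" && $9 ~ /^[0-9]+(,[0-9]+)*$/) {
            h = $1; for (i = 2; i <= 8; i++) h = h " " $i
            t = "";  for (i = 10; i <= NF; i++) t = t " " $i
            k = h "|" t
            if (k == key) { ports = ports "," $9; next }
            emit()
            key = k; head = h; tail = t; ports = $9
            next
        }
        # Any other line ends the current run and passes through unchanged.
        emit()
        print
    }
    END { emit() }
    '
}

# The seven per-port rules from the question, fed through the helper.
merge_port_rules <<'EOF'
ipfw add allow tcp from any to me 22 in recv fxp0
ipfw add allow tcp from any to me 25 in recv fxp0
ipfw add allow tcp from any to me 80 in recv fxp0
ipfw add allow tcp from any to me 110 in recv fxp0
ipfw add allow tcp from any to me 143 in recv fxp0
ipfw add allow tcp from any to me 443 in recv fxp0
ipfw add allow tcp from any to me 10000 in recv fxp0
EOF
```

Rules separated by a different rule are left alone, because moving them together could change which rule matches first.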