From owner-freebsd-net@FreeBSD.ORG Fri Apr 24 16:42:03 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 555BF10656A9; Fri, 24 Apr 2009 16:42:03 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id 16DAE8FC20; Fri, 24 Apr 2009 16:42:02 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from vanquish.ws.pitbpa0.priv.collaborativefusion.com (vanquish.ws.pitbpa0.priv.collaborativefusion.com [192.168.2.162]) (SSL: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Fri, 24 Apr 2009 12:42:02 -0400 id 000564DD.0000000049F1EBDA.0000E0CB Date: Fri, 24 Apr 2009 12:42:02 -0400 From: Bill Moran To: ddg@yan.com.br Message-Id: <20090424124202.951a82e1.wmoran@collaborativefusion.com> In-Reply-To: <49F1DBAE.1080205@yan.com.br> References: <49F06985.1000303@yan.com.br> <49F0A7DD.30206@elischer.org> <49F1DBAE.1080205@yan.com.br> Organization: Collaborative Fusion Inc. X-Mailer: Sylpheed 2.6.0 (GTK+ 2.14.7; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-ipfw@freebsd.org, Julian Elischer , freebsd-net@freebsd.org Subject: Re: IPFW MAX RULES COUNT PERFORMANCE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2009 16:42:03 -0000 In response to Daniel Dias Gon=E7alves : > Very good thinking, congratulations, but my need is another. > The objective is a Captive Porrtal that each authentication is=20 > dynamically created a rule to ALLOW or COUNT IP authenticated, which I'm= =20 > testing is what is the maximum capacity of rules supported, therefore=20 > simultaneous user. >=20 > Understand ? If you're only doing allow, then you'd be better off using a table, which has much better performance than a bunch of separate rules. If you're counting packets, I don't know if that approach will work or not. --=20 Bill Moran Collaborative Fusion Inc. http://people.collaborativefusion.com/~wmoran/ wmoran@collaborativefusion.com Phone: 412-422-3463x4023 **************************************************************** IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****************************************************************