From owner-freebsd-hackers  Mon Jul 21 22:49:32 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id WAA08005
          for hackers-outgoing; Mon, 21 Jul 1997 22:49:32 -0700 (PDT)
Received: from server.local.sunyit.edu (A-V25.rh.sunyit.edu [150.156.211.85])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA08000;
          Mon, 21 Jul 1997 22:49:30 -0700 (PDT)
Received: from localhost (brightmn@localhost)
	by server.local.sunyit.edu (8.8.5/8.8.5) with SMTP id BAA10705;
	Fri, 4 Jul 1997 01:52:33 GMT
Date: Fri, 4 Jul 1997 01:52:33 +0000 (GMT)
From: Alfred Perlstein <brightmn@a-v25.rh.sunyit.edu>
To: Mike D Tancsa <mdtancsa@sentex.net>
cc: questions@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: preventing ICMP echo requests to the broadcast address
In-Reply-To: <199707211843.OAA29815@granite.sentex.net>
Message-ID: <Pine.BSF.3.96.970704015043.10699A-100000@server.local.sunyit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Also, while on the topic of ipfw, does anyone know how much processor
> overhead ipfw adds to the system ?  I suppose the more rules one
> adds the worse it gets.  But does anyone have a reasonable guestimate ?

i assume very little.  because ipfw rules are very simple, if you have a
common action to take with certain packets try to put it first in the rule
list, that way not as many rules have to be checked.  figuring that IPs
are 32 bit numbers it's not a very complex formula that ipfw has to go
through...

Alfred