Date: Thu, 17 Jul 2008 08:15:03 -0400 From: "Glen Barber" <glen.j.barber@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: New pf install on Freebsd7 seem to be a slow starter. Message-ID: <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com> In-Reply-To: <48750381.1030004@eskk.nu> References: <48750381.1030004@eskk.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 9, 2008 at 2:29 PM, Leslie Jensen <leslie@eskk.nu> wrote:
[:: snip ::]
>
> # tables
> table <goodguys> { something.somewhere.com, somethingelse.somewhere.com,
> xxx.yyy.zzz.qqq }
>
[:: snip ::]
>
> # Let the goodguys access the machine from the outside
> pass in on $ext_if inet proto tcp from <goodguys> to ($ext_if) \
> port $tcp_services flags S/SA keep state
>
Hi. I'm just curious why you decided to use a table for this. I have
done something similar (disallowing access to certain domains) using
macros as follows:
deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
and didn't notice 'slowness' at boot. This was on a 6.3-RELEASE box,
if that matters.
Regards,
--
Glen Barber
http://www.dev-urandom.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ad871310807170515x5b553661yd64245f7daf2dd61>