From: "Glen Barber"
To: freebsd-pf@freebsd.org
Date: Thu, 17 Jul 2008 08:15:03 -0400
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.
Message-ID: <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com>
In-Reply-To: <48750381.1030004@eskk.nu>
References: <48750381.1030004@eskk.nu>

On Wed, Jul 9, 2008 at 2:29 PM, Leslie Jensen wrote:

[:: snip ::]

>
> # tables
> table { something.somewhere.com, somethingelse.somewhere.com,
> xxx.yyy.zzz.qqq }
>

[:: snip ::]

>
> # Let the goodguys access the machine from the outside
> pass in on $ext_if inet proto tcp from to ($ext_if) \
> port $tcp_services flags S/SA keep state
>

Hi.

I'm just curious why you decided to use a table for this. I have done
something similar (disallowing access to certain domains) using macros
as follows:

deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"

and didn't notice 'slowness' at boot. This was on a 6.3-RELEASE box,
if that matters.

Regards,

-- 
Glen Barber
http://www.dev-urandom.com/