Date: Fri, 13 Aug 2004 12:47:12 +0200
From: "Chris Knipe" <savage@savage.za.org>
To: <freebsd-ipfw@freebsd.org>
Subject: Re: ipfw & skipto.... confused a bit...
Message-ID: <006d01c48122$e41885a0$fb00a8c0@savage.za.org>
References: <E1BvWef-0002eB-00@hetzner.co.za> <000e01c48109$063bfd20$fb00a8c0@savage.za.org> <20040813100618.GE96469@shellma.zin.lublin.pl>

----- Original Message -----
From: "Pawel Malachowski" <pawmal-posting@freebsd.lublin.pl>
To: "Chris Knipe" <savage@savage.za.org>
Cc: <freebsd-ipfw@freebsd.org>
Sent: Friday, August 13, 2004 12:06 PM
Subject: Re: ipfw & skipto.... confused a bit...

> Almost ~64k rules ruleset is weird.

It's mainly a lot of rules due to per IP and per Port (as well as combinations) used for traffic accounting... So most of it is ipfw count.... The number of rules will therefore also directly depend on the number of hosts on the network, as well as the actual configuration.

We're kinda working on a hardware based Layer 7 firewall (using divert sockets) to kill P2P. Obviously, FreeBSD is my desired choice of OS. Traffic accounting and stats is a crucial part of the system. I mean, we must give end-users some nice fancy graphs to look at now, don't we? ;)

And yes, I was not quite accurate on my numbers. After closer inspection, I saw that my rule blocks jump from 20000 to 60000 so a lot is skipped. 10000-20000 is mainly reserved for accounting, and then 60000 for queues. I have moved this down to lower levels now to make the tables smaller.

Thanks for all the replies... It's much appreciated

--
Chris.