From owner-freebsd-questions Mon Apr 2 7:12:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from khan.acc.umu.se (khan.acc.umu.se [130.239.18.139]) by hub.freebsd.org (Postfix) with ESMTP id B405337B71B for ; Mon, 2 Apr 2001 07:12:40 -0700 (PDT) (envelope-from markush@acc.umu.se) Received: from mao.acc.umu.se (root@mao.acc.umu.se [130.239.18.154]) by khan.acc.umu.se (8.11.2/8.11.2) with ESMTP id f32ECdc08975 for ; Mon, 2 Apr 2001 16:12:39 +0200 (MEST) Received: (from markush@localhost) by mao.acc.umu.se (8.9.3/8.9.3/Debian 8.9.3-21) id QAA09660 for freebsd-questions@freebsd.org; Mon, 2 Apr 2001 16:12:38 +0200 Date: Mon, 2 Apr 2001 16:12:38 +0200 From: Markus Holmberg To: freebsd-questions@freebsd.org Subject: ipfw dst me usage performance noticeable? Message-ID: <20010402161238.A7685@acc.umu.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3-current-20000511i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ipfw(8) says: "Specifying me makes the rule match any IP number configured on an interface in the system. This is a computationally semi-expen- sive check which should be used with care." Does using 'me' in the last few rules (just before the deny all) that match TCP setup packets etc make sense? (I.e. is the performance loss for this kind of usage something one would notice?) (The bulk load of packets should be taken care of the rule above that passes through all already established traffic..) Regards, Markus. -- Markus Holmberg | Give me Unix or give me a typewriter. markush@acc.umu.se | http://www.freebsd.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message