From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:52:37 2004
From: James Quick
To: Max Laier
cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Question about tables vs. lists.
Date: Wed, 1 Oct 2003 11:10:54 -0400
Message-Id: <73B4DAB7-F421-11D7-B179-003065C496DC@quick.com>
In-Reply-To: <99173910970.20030929180707@love2party.net>

Hi Max,

Thanks for responding.

On Sep 29, 2003, at 12:07 PM, Max Laier wrote:
>
> I prefer lists over tables when I have a small set of stable hosts or
> nets that I want to filter (=block). The reason for that is, that I
> somewhat "hardcode" it into my ruleset and that I can get per host
> output from pflog. I use tables only where I want a manageable solution
> and have fairly many addresses.

I'm not sure I understand what you mean by this statement. If you meant
pfctl instead of pflog then it makes sense to me. Given two rules, one of
which uses a table and another which uses a list, wouldn't the stream of
tcpdump packets written to the pflog device be the same except for rule
number? If you really did mean pflog could you please elaborate?

> However, I don't believe that you will see much difference between a
> table- or list-powered ruleset for 10-20 addresses. Choose whatever
> approach is the more comfortable for you.

I did a lot of playing around, and you're right, performance does not
seem to be an issue. Thanks for the confirmation. I just wanted to be
sure that I wasn't going to step in anything later.
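As an added illustration (not configuration from either poster), here are the two ruleset styles under discussion in pf.conf form, with constructed addresses and an assumed interface name; the comments note how pf's list expansion produces the per-rule difference the thread is asking about:

```conf
# Added example, not from the thread. Addresses and interface are constructed.
ext_if = "em0"

# 1) List form: pfctl expands the list at load time into one rule per element,
#    so "pfctl -vsr" shows three separate numbered rules, each with its own
#    packet/byte counters, and pflog records a different rule number per host.
block in log quick on $ext_if from { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 }

# 2) Table form: one rule referencing a table. Entries can be added or removed
#    at runtime ("pfctl -t badhosts -T add|delete <addr>") without reloading
#    the ruleset. Every matching host logs with the same rule number, but the
#    packet written to pflog still carries the source address, so tcpdump on
#    pflog0 identifies the host either way.
table <badhosts> persist { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 }
block in log quick on $ext_if from <badhosts>
```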