From: Sergej Kandyla <_paix@rambler.ru>
Date: Thu, 15 Feb 2007 20:13:51 +0200
To: Vladimir Kapustin
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: How to optimize ruleset for gateway?
Message-ID: <45D4A2DF.1050100@rambler.ru>
In-Reply-To: <1024498861.20070214183625@mail.ru>

Vladimir Kapustin wrote:

>I don't think this is a good idea, and now I am choosing some other
>variants of optimization, such as:
>
>1. Configure PF for major rules and SPAM filtering and IPFW+DUMMYNET for
>queueing. I've read somewhere that IPFW-shaper supports tables the way I
>need. I'm afraid that two firewalls should significantly decrease performance.
>

I think you should configure PF with PF-ALTQ.

Some PF resources:
http://www.openbsd.org/faq/pf/
http://www.benzedrine.cx/ackpri.html

Examples in /usr/share/examples/pf/ could be useful too.

>2. Configure only IPFW. But this means that I have to read full documentation
>about it, and find the way to protect the Internet from SPAM going from my
>local NET.
>
>Could somebody give me some advice what way to go?
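
As an added illustration of the PF-with-ALTQ suggestion (not part of the original message or of either poster's configuration), the following pf.conf sketch keeps filtering, outbound SMTP rate limiting and queueing in a single firewall. The interface names, bandwidth figure, connection thresholds and the table name `smtp_abusers` are assumptions chosen for the example.

```conf
# Constructed pf.conf sketch for a FreeBSD NAT gateway (old-style ALTQ syntax).
# Requires a kernel built with ALTQ support. All values below are assumptions.

ext_if = "em0"                  # uplink interface (assumed name)
int_if = "em1"                  # LAN interface (assumed name)

# Tables are looked up in a radix tree, so one rule covers any number of
# addresses without the per-rule cost of a long linear ruleset.
table <smtp_abusers> persist

set skip on lo0
scrub in all

# Priority queueing on the uplink. Set bandwidth slightly below the real
# upstream rate so the queue forms here and not in the modem or ISP router.
altq on $ext_if priq bandwidth 9Mb queue { q_ack, q_bulk }
queue q_ack  priority 7
queue q_bulk priority 1 priq(default)

nat on $ext_if from $int_if:network to any -> ($ext_if)

block log all

# LAN hosts that tripped the SMTP limits below lose outbound port 25 only.
block in quick on $int_if proto tcp from <smtp_abusers> to any port smtp

# Outbound SMTP from the LAN: a host exceeding 5 concurrent connections or
# 10 new connections per 60 seconds is added to the table and its existing
# states are flushed.
pass in quick on $int_if proto tcp from $int_if:network to any port smtp \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 10/60, overload <smtp_abusers> flush global)

# Everything else from the LAN.
pass in on $int_if from $int_if:network to any keep state

# Uplink side: payload-free TCP ACKs and low-delay packets go to q_ack,
# the rest to q_bulk, as described in the ackpri article linked above.
pass out on $ext_if proto tcp from ($ext_if) to any \
    flags S/SA keep state queue (q_bulk, q_ack)
pass out on $ext_if proto { udp, icmp } from ($ext_if) to any keep state

# Inspect quarantined hosts with: pfctl -t smtp_abusers -T show
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it.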