ipfw rules consuming CPU
Luigi Rizzo
rizzo at iet.unipi.it
Sat Jun 9 15:02:15 UTC 2012
On Sat, Jun 09, 2012 at 03:36:15PM +0400, Alexander V. Chernikov wrote:
> On 09.06.2012 15:19, Sami Halabi wrote:
> >Hi,
> >all rules togther less than 80 rules....
> However, it is too much.
> You should reduce this to 10 rules or less (at least for main traffic flow).
you should definitely try hard to use tablearg or similar tricks
to reduce the number of rules traversed. A couple of years ago we
did some detailed measurement of the cost of the various operations,
see "Dummynet revisited" and "An emulation tool for PlanetLab" at
http://info.iet.unipi.it/~luigi/research.html
cheers
luigi
More information about the freebsd-ipfw
mailing list