Separate rules for each port, or one for all ports?
Julian Elischer
julian at elischer.org
Wed Mar 19 13:40:22 PDT 2008
Freddie Cash wrote:
> I'm just curious if there is any information available on how quickly ipfw
> processes rules, and whether or not a long list of ports in a single rule
> makes things faster or slower?
>
> Just curious if there is a big difference between:
>
> ipfw add allow tcp from any to me 22,25,80,110,143,443,10000 in recv fxp0
>
> and
>
> ipfw add allow tcp from any to me 22 in recv fxp0
> ipfw add allow tcp from any to me 25 in recv fxp0
> ipfw add allow tcp from any to me 80 in recv fxp0
> ipfw add allow tcp from any to me 110 in recv fxp0
> ipfw add allow tcp from any to me 143 in recv fxp0
> ipfw add allow tcp from any to me 443 in recv fxp0
> ipfw add allow tcp from any to me 10000 in recv fxp0
>
> Other than the ability to track traffic through each port, of course.
>
The first is faster.
More information about the freebsd-net mailing list