Re: Firewalling Rules (Was: Linux Kernels)

Richard B. Johnson (root@chaos.analogic.com)
Sun, 2 Nov 1997 21:43:23 -0500 (EST)


On Sun, 2 Nov 1997, Paul Rusty Russell wrote:
> > Richard B. Johnson wrote:
> > > On Fri, 31 Oct 1997, Matthew Kirkwood wrote:
>
> If you ARE hitting a performance limit, I'd love you to try the
> Generic IP Firewalling patches which make logical organisation
> easier. At:
>
> http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
>
> The best solution to the optimisation problem is to use the packet
> counters attached to each rule to reorder them to have the most
> commonly matched ones at the top. Reordering rules without changing
> the semantics is the trick (and doing it atomically is impossible
> without my Generic IPFW patch -- shameless plug).
>
> Since Linus has announced an impending code-slush, I'm hoping to do
> more work on this in the coming few days, including just such an
> optimiser utility.

I'm not hitting any performance problems because I'm filtering into
a low-bandwidth link. However, I'll try out your IPFW patch.

Cheers,
Dick Johnson

Richard B. Johnson
Project Engineer
Analogic Corporation
Penguin : Linux version 2.1.60 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
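
The counter-driven reordering described in the quoted message, sketched as an added example; it is not part of the original thread and is not code from the ipfwchains patch. The `Rule` fields, the sample chain and its counters are constructed, and the safety test is an assumption chosen for illustration: two adjacent rules may trade places only when they give the same verdict or can never match the same packet.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    name: str
    proto: str     # "tcp", "udp" or "any"
    src: str       # source network in CIDR form
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # "ACCEPT" or "DENY"
    hits: int      # packet counter attached to the rule

def overlaps(a, b):
    """True if some packet could match both rules."""
    proto = a.proto == b.proto or "any" in (a.proto, b.proto)
    ports = a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    nets = ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))
    return proto and ports and nets

def can_swap(a, b):
    # Safe when no packet can get a different verdict after the swap.
    return a.action == b.action or not overlaps(a, b)

def reorder(rules):
    """Bubble busier rules upward, only across verdict-preserving swaps."""
    rules = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(len(rules) - 1):
            if rules[i + 1].hits > rules[i].hits and can_swap(rules[i], rules[i + 1]):
                rules[i], rules[i + 1] = rules[i + 1], rules[i]
                changed = True
    return rules

def verdict(rules, proto, src, port):
    """First-match walk of the chain; unmatched packets are denied."""
    for r in rules:
        if (r.proto in ("any", proto) and r.ports[0] <= port <= r.ports[1]
                and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)):
            return r.action
    return "DENY"

# Constructed sample chain: names, addresses and counters are made up.
CHAIN = [
    Rule("deny-bad-host", "any", "192.0.2.66/32", (0, 65535), "DENY", 12),
    Rule("allow-smtp", "tcp", "0.0.0.0/0", (25, 25), "ACCEPT", 900),
    Rule("allow-dns", "udp", "0.0.0.0/0", (53, 53), "ACCEPT", 40000),
    Rule("allow-web", "tcp", "0.0.0.0/0", (80, 80), "ACCEPT", 250000),
]
```

The rarely hit deny rule stays first because it overlaps every accept rule below it, so a purely counter-sorted chain would start accepting traffic from that host.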