Development and Code Review / "Improve" rule reloading
« on: November 15, 2019, 07:11:58 pm »
Hello everyone,
I'm crossposting this here now after there wasn't much discussion about it on the pfSense forum, and I have been thinking about switching to OPNsense for a while now, and this would definitely make me switch. Please forgive me if there is already "improved" rule reloading in effect.
I'm currently a pfSense user and I am having some issues due to filter reloads causing temporary packet loss on routed UDP. That made me think about a different approach in how pfSense/OPNsense handles rules that might be able to solve/reduce this:
Would it be possible to use anchors for IPv4/IPv6 so reloading the entire filter is not necessary? If an IPv6 gateway goes down, IPv4 will not be affected by that. Of course this doesn't solve this entirely, but it should make things better. Maybe it would be possible to go even further and use per-interface anchors to make the number of rules that need reloading even smaller.
What do you guys think? Would this work? Would this be a valid approach? Would this help and would this be wanted?
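The per-address-family anchor layout asked about above, as an added example that is not part of the original post and is not pfSense or OPNsense code. It is a hand-written pf ruleset; the interface names (`em0`, `em1`), the anchor names and the file paths are assumptions.

```conf
# ---- /etc/pf.conf : main ruleset, loaded once (constructed example) ----
set skip on lo0

# Default deny. pf is last-match, so pass rules inside the anchors
# below override this for the traffic they cover.
block log all

# Each anchor is only evaluated for packets of its own address family.
anchor "fam_v4" inet
anchor "fam_v6" inet6

# Fill both anchors when the main ruleset is loaded.
load anchor "fam_v4" from "/etc/pf.anchors/fam_v4.conf"
load anchor "fam_v6" from "/etc/pf.anchors/fam_v6.conf"

# ---- /etc/pf.anchors/fam_v4.conf : IPv4 rules only ----
# Macros from pf.conf are not visible when an anchor file is loaded
# on its own, so interface names are written out here.
pass in  on em1 inet proto udp from em1:network to any keep state
pass in  on em1 inet proto tcp from em1:network to any keep state
pass out on em0 inet from any to any keep state

# ---- /etc/pf.anchors/fam_v6.conf : IPv6 rules only ----
# Gateway-dependent rules for IPv6 live here, so a change to them
# only rewrites this file.
pass inet6 proto icmp6 all
pass in  on em1 inet6 from em1:network to any keep state
pass out on em0 inet6 from any to any keep state

# ---- Reloading one family without touching the other ----
# Replace only the rules inside the fam_v6 anchor:
#   pfctl -a fam_v6 -f /etc/pf.anchors/fam_v6.conf
# Confirm what is loaded in each anchor:
#   pfctl -a fam_v6 -s rules
#   pfctl -a fam_v4 -s rules
# Empty the IPv6 anchor entirely (traffic then falls to "block log all"):
#   pfctl -a fam_v6 -F rules
```

Comparing `pfctl -a fam_v4 -s rules` before and after an IPv6-only reload shows whether the IPv4 ruleset was left untouched; whether that removes the routed-UDP loss described in the post has to be measured on the affected system.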