Cardinality of ruleset

Started by iMac-ant, September 18, 2020, 09:28:57 AM

Good morning to all, I have a question:

The number of rules in /tmp/rules.debug (starting from antispoof log for <interface>) is greater than the number of rules obtained through pfctl -s rules. Why?

I'm just considering the default ruleset.

The generated rules in /tmp/rules.debug are a "proposal" to pfctl; the ruleset obtained from pfctl is the one that is already cleaned up somewhat regardless of optimization state.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT

What are the cleaning criteria of pfctl? Is there any anomaly, such as a dependency anomaly or a redundancy anomaly?

You will have to consult the source code for this to be sure.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT