Firewall Rules Optimization

Started by XeroX, September 03, 2020, 07:59:04 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 03, 2020, 07:59:04 PM Last Edit: September 03, 2020, 11:13:38 PM by XeroX
Hello @Firewall Advanced Settings, I can find "Firewall Rules Optimization". It allows None, Basic and Profile.

I searched for pfctl and found the exact same description. What is it exactly doing on "Profile"?

What is the best setting for maximum optimization if I've spare memory and processor time?

Cheers
September 04, 2020, 08:03:00 AM #1
it's not really about hardware. just an attempt to arrange the order of the rules (and some rules "cleaning") to reduce the number of iterations.
so if you have no doubts about the correctness of the optimization or special strict conditions for the order of applying the rules, just leave it at the default.
As far as I understand, the "profile" is trying to additionally change the order of the rules with the quick directive, based on real traffic statistics. (that is, this is a "basic" plus additional optimization of quick rules).

good reading: http://undeadly.org/cgi?action=article&sid=20060927091645
September 05, 2020, 02:37:08 PM #2
Thanks alot.

Really good article about pfctl.
Print
Go Up Pages1
User actions