Author Topic: Firewall Rules Optimization  (Read 1341 times)

XeroX

« on: September 03, 2020, 07:59:04 pm »
Hello, at Firewall Advanced Settings I can find "Firewall Rules Optimization". It allows None, Basic and Profile.

I searched for pfctl and found the exact same description. What exactly is it doing on "Profile"?

What is the best setting for maximum optimization if I have spare memory and processor time?

Cheers
« Last Edit: September 03, 2020, 11:13:38 pm by XeroX »

Fright

« Reply #1 on: September 04, 2020, 08:03:00 am »
It's not really about hardware, just an attempt to arrange the order of the rules (and some rules "cleaning") to reduce the number of iterations.
So if you have no doubts about the correctness of the optimization or special strict conditions for the order of applying the rules, just leave it at the default.
As far as I understand, the "profile" is trying to additionally change the order of the rules with the quick directive, based on real traffic statistics. (That is, this is a "basic" plus additional optimization of quick rules.)

Good reading: http://undeadly.org/cgi?action=article&sid=20060927091645
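Added example, not part of the thread and not pf's or OPNsense's own code: a simplified Python model of the idea in Reply #1, where busier quick rules move forward using traffic counters but never past a rule they overlap with, so first-match results stay the same. The `Rule` fields, the hit counters and the cost measure (rules tested per packet) are constructed assumptions; pf's real optimizer works differently in detail.

```python
# Simplified model of hit-count-based reordering of "quick" rules.
# NOT pf's optimizer; rule fields and counters below are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None means any port
    hits: int              # constructed per-rule match counter

def overlaps(a: Rule, b: Rule) -> bool:
    """True if one packet could match both rules, so their order matters."""
    proto = a.proto == b.proto or "any" in (a.proto, b.proto)
    port = a.port == b.port or a.port is None or b.port is None
    return proto and port

def profile_reorder(rules):
    """Move busier rules forward, never past a rule they overlap with."""
    out = list(rules)
    for i in range(1, len(out)):
        j = i
        while (j > 0 and out[j].hits > out[j - 1].hits
               and not overlaps(out[j], out[j - 1])):
            out[j - 1], out[j] = out[j], out[j - 1]
            j -= 1
    return out

def avg_evaluations(rules) -> float:
    """Mean number of rules tested per packet under first-match (quick)."""
    total = sum(r.hits for r in rules)
    return sum((i + 1) * r.hits for i, r in enumerate(rules)) / total

# Constructed ruleset, every rule "quick"; the last one is a default deny.
RULES = [
    Rule("block", "tcp", 23, 5),
    Rule("pass", "tcp", 22, 40),
    Rule("pass", "udp", 53, 900),
    Rule("block", "udp", None, 30),
    Rule("pass", "tcp", 443, 4000),
    Rule("block", "any", None, 25),
]

if __name__ == "__main__":
    tuned = profile_reorder(RULES)
    for r in tuned:
        print(r)
    print(avg_evaluations(RULES), "->", avg_evaluations(tuned))
```

In this model the catch-all UDP block stays behind the UDP/53 pass and the default deny stays last, which is the ordering constraint to check for when reviewing a ruleset that has been reordered automatically.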

XeroX

« Reply #2 on: September 05, 2020, 02:37:08 pm »
Thanks a lot.

Really good article about pfctl.