Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Cardinality of ruleset
« previous
next »
Print
Pages: [
1
]
Author
Topic: Cardinality of ruleset (Read 2400 times)
iMac-ant
Newbie
Posts: 11
Karma: 0
Cardinality of ruleset
«
on:
September 18, 2020, 09:28:57 am »
Good morning to all, I have a question:
the number of rules in /tmp/rules.debug (starting from antispoof lof for <interface>) is grather than the number of rules obtained through pfctl -s rules. Why?
I'm just considering the default ruleset.
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Cardinality of ruleset
«
Reply #1 on:
September 18, 2020, 09:33:27 am »
The generated rules in /tmp/rules.debug are a "proposal" to pfctl, the ruleset obtained from pfctl is the one that is already cleaned up somewhat regardless of optimization state.
Cheers,
Franco
Logged
iMac-ant
Newbie
Posts: 11
Karma: 0
Re: Cardinality of ruleset
«
Reply #2 on:
September 18, 2020, 09:43:58 am »
What is the cleaning criteria of pfctl? Is there any anomaly, suach as dependency anomaly o redundancy anonmaly?
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Cardinality of ruleset
«
Reply #3 on:
September 18, 2020, 09:44:23 am »
You will have to consult the source code for this to be sure.
Cheers,
Franco
Logged
iMac-ant
Newbie
Posts: 11
Karma: 0
Re: Cardinality of ruleset
«
Reply #4 on:
September 18, 2020, 09:51:01 am »
Thank you very mych.
Antonio
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Cardinality of ruleset
