Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
[Q] 21.1.5 and firewall: use tables in the shaper
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Q] 21.1.5 and firewall: use tables in the shaper (Read 1820 times)
tswalker
Jr. Member
Posts: 71
Karma: 2
[Q] 21.1.5 and firewall: use tables in the shaper
«
on:
April 22, 2021, 06:10:48 am »
question regrading update for | firewall: use tables in the shaper to avoid breaking ipfw with too many addresses
I previously had to break rules down due to too many CIDR addresses in a single rule, will this allow me to consolidate those rules and if so, what system parameters for tables should I keep an eye on or prepare to expand to handle large CIDR sets?
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [Q] 21.1.5 and firewall: use tables in the shaper
«
Reply #1 on:
April 22, 2021, 09:51:28 am »
Yes. The problem with ipfw tables is that they process a lot slower than their pf counterparts so large address lists are not a good idea. But for now this enables more parity between the two in how the source and destination is handled.
We are talking about ways to support aliases there, but for the performance reason mentioned we can't just allow dumping huge pf tables into ipfw.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
[Q] 21.1.5 and firewall: use tables in the shaper
