[Q] 21.1.5 and firewall: use tables in the shaper

Started by tswalker, April 22, 2021, 06:10:48 AM

Question regarding update for | firewall: use tables in the shaper to avoid breaking ipfw with too many addresses

I previously had to break rules down due to too many CIDR addresses in a single rule. Will this allow me to consolidate those rules, and if so, what system parameters for tables should I keep an eye on or prepare to expand to handle large CIDR sets?

Yes. The problem with ipfw tables is that they process a lot slower than their pf counterparts, so large address lists are not a good idea. But for now this enables more parity between the two in how the source and destination are handled.

We are talking about ways to support aliases there, but for the performance reason mentioned we can't just allow dumping huge pf tables into ipfw.


Cheers,
Franco