[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf skip step optimization

On Wed, Jul 24, 2002 at 04:21:26PM -0700, Paul B. Henson wrote:
> On Wed, 24 Jul 2002, Henning Brauer wrote: 
> > graphed. You see peaks of nearly 30000 states and 15000 state searches
> > per second. needless to say that this machine runs flawlessly without a
> > single error since day #1 of its existance, and the redundancy machine
> > idles for the same time.
> cool. What type of redundancy do you have set up?

2nd identical machine next to the active one, manual switchover.
I have yet to see an automated solution that solves more problems than
inventing new ones.

> > next good news is that I can rewrite the rule file, which is about 1200
> > lines, in about 300 lines with -current, where more than 200 lines are
> > variable setting and less then 100 are actually rule definitions.
> Would you be interested in sharing your rule file? In fact, what would be
> really interesting to see is your original ipf rule file, your production
> pf rule file, and your rule file optimized for the improvements in
> -current.

no, not at whole.

but we'll prepare some nice things for 3.2 in /usr/share/pf/, and the FAQ
will be greatly improved (yes Nick, now you need to ;-) ).

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Visit your host, monkey.org