[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf skip step optimization
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf skip step optimization
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Thu, 25 Jul 2002 11:41:59 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Wed, Jul 24, 2002 at 04:21:26PM -0700, Paul B. Henson wrote:
> On Wed, 24 Jul 2002, Henning Brauer wrote:
> > graphed. You see peaks of nearly 30000 states and 15000 state searches
> > per second. needless to say that this machine runs flawlessly without a
> > single error since day #1 of its existance, and the redundancy machine
> > idles for the same time.
> cool. What type of redundancy do you have set up?
2nd identical machine next to the active one, manual switchover.
I have yet to see an automated solution that solves more problems than
inventing new ones.
> > next good news is that I can rewrite the rule file, which is about 1200
> > lines, in about 300 lines with -current, where more than 200 lines are
> > variable setting and less then 100 are actually rule definitions.
> Would you be interested in sharing your rule file? In fact, what would be
> really interesting to see is your original ipf rule file, your production
> pf rule file, and your rule file optimized for the improvements in
no, not at whole.
but we'll prepare some nice things for 3.2 in /usr/share/pf/, and the FAQ
will be greatly improved (yes Nick, now you need to ;-) ).
Unix is very simple, but it takes a genius to understand the simplicity.