[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Paul Evans <paul dot evans at offtheshelfsoftware dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Turn off stateful inspection
 Date:  Tue, 26 Oct 2004 12:39:36 -0400
On Tue, 26 Oct 2004 09:03:53 +0100, Paul Evans
<paul dot evans at offtheshelfsoftware dot com> wrote:
> Thanks Chris
> You're right, I've been using m0n0 as a firewall for some time however I now
> need a very quick simple router with traffic shaping capabilities running
> off a compact flash. I don't have the time to build an OS image from the
> ground up so was wondering if I could easily adapt m0n0. I was hoping
> there'd be an easy way of using the shell command PHP to amend the ipfw
> rules?

It's ipfilter not ipfw (ipfw is traffic shaping only).  Back to the point..  :) 

What's the reason you want to disable stateful filtering?  Assuming so
you won't overrun the state table.  The latest beta uses 30,000 as its
max state table, so unless you have some serious traffic you aren't
going to overrun that.  I don't think it'd have a huge effect on
performance either way.  1.1 and earlier have 4,000 as the max state
table size (IIRC) which you might overrun on a heavily used router.

I'd try it as is and see what happens.  Try the latest beta if you
exhaust your state table.