[ previous ] [ next ] [ threads ]
 
 From:  Joey Morin <joeymorin at alumni dot uwaterloo dot ca>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] CARP and OUT rules
 Date:  Wed, 7 Sep 2011 20:01:51 -0400
On Wed, Sep 7, 2011 at 5:41 PM, Tonix (Antonio Nati)
<tonix at interazioni dot it>wrote:

> Il 07/09/2011 22:32, Joey Morin ha scritto:
>
>  On Wed, Sep 7, 2011 at 11:53 AM, Tonix (Antonio Nati)
>> <tonix at interazioni dot it>wrote:
>>
>>  With this small change manageability would become fantastic for ISP
>>> environments.
>>> Rules would be much less, and general speed of monowall would be better.
>>>
>>>  while i agree that this kind of feature would be much easier to manage
>> and
>> maintain (especially in a situation with soooo many interfaces), it's
>> unlikely that it would improve performance.  i suspect that the
>> configuration feature you seek would still need to generate individual
>> rules
>> for each interface, either at configuration time or dynamically at run
>> time.
>>
>>
> Why?
>

i assumed that ipfilter would manage queues for each interface, rather than
one big queue for the whole box.