On 08/09/2011 02:01, Joey Morin wrote:
> On Wed, Sep 7, 2011 at 5:41 PM, Tonix (Antonio Nati)
> <tonix at interazioni dot it> wrote:
>
>> On 07/09/2011 22:32, Joey Morin wrote:
>>
>>> On Wed, Sep 7, 2011 at 11:53 AM, Tonix (Antonio Nati)
>>> <tonix at interazioni dot it> wrote:
>>>
>>>> With this small change manageability would become fantastic for ISP
>>>> environments.
>>>> Rules would be much less, and general speed of monowall would be better.
>>>>
>>> while i agree that this kind of feature would be much easier to manage and
>>> maintain (especially in a situation with soooo many interfaces), it's
>>> unlikely that it would improve performance. i suspect that the
>>> configuration feature you seek would still need to generate individual rules
>>> for each interface, either at configuration time or dynamically at run
>>> time.
>>>
>> Why?
>>
> i assumed that ipfilter would manage queues for each interface, rather than
> one big queue for the whole box.
>
Do you assume, or are you sure? Watching how IP filter works, I think there is simply a large table to scan, until a definitive STOP or OK is found.

Tonino

--
------------------------------------------------------------
Inter@zioni
Interazioni di Antonio Nati
http://www.interazioni.it
tonix at interazioni dot it
------------------------------------------------------------