Re: Skipping interfaces in pf [was: pf filtering on loopback?]
This is a discussion on Re: Skipping interfaces in pf [was: pf filtering on loopback?] within the mailing.openbsd.tech forums, part of the OpenBSD category; --> > Another thread on freebsd-net: > http://lists.freebsd.org/pipermail/f...er/005906.html > is discussing the possible overhead with filtering interfaces that do not ...
| |||||||
![Re: Skipping interfaces in pf [was: pf filtering on loopback?]](http://www.unixadmintalk.com/iconimages/mailing-openbsd-tech/re-skipping-interfaces-pf-pf-filtering-loopback_ltr.gif)
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-18-2008, 08:29 AM
| ||||
| ||||
 Re: Skipping interfaces in pf [was: pf filtering on loopback?] > Another thread on freebsd-net: > http://lists.freebsd.org/pipermail/f...er/005906.html > is discussing the possible overhead with filtering interfaces that do not > transport any IP-level data or in setups with huge LAN pipes that you don't > want to filter on. That thread is long and I'm lazy, but why not just prefix your ruleset with: no scrub on $SKIP_INTERFACES no rdr on $SKIP_INTERFACES no nat on $SKIP_INTERFACES pass quick on $SKIP_INTERFACES It'll check the state tree first but that's only O(log n). I've had a custom PF port filtering on a 4.8 box before (in hard interrupt context at that) and there was no problem with a saturated gig link and a light ruleset. It wasn't touching your routing code or stack though. ..mike      |
 |
« Skipping interfaces in pf [was: pf filtering on loopback?]
|
Re: Skipping interfaces in pf [was: pf filtering on loopback?] »
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 06:58 AM.
