Re: IPF rules

To: Todd Gruhn <tgruhn2%gmail.com@localhost>
Subject: Re: IPF rules
From: Brett Lymn <blymn%internode.on.net@localhost>
Date: Fri, 2 Jul 2021 11:09:54 +0930

On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote:
> Is there a way to order IPF-rules so I can get on gmail quicker?
> What about speeding up network access in general?

A couple of thoughts:

1) are you sure it is ipf causing the issue? How is gmail without the
firewall on?  I wouldn't expect a performance impact from ipf unless
your firewalling is very complex.

2) are you sure your rules are correct?  A particularly favourite
hobby-horse of mine is people  blocking DNS over tcp/53 due to the
totally WRONG belief that only dns zone transfers use tcp/53.  This is
WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
then the DNS server will reply to the client telling it to try over tcp.
If your firewall doesn't allow that to happen there may be delays in
name resolution which could cause the appearance that gmail is slow.

-- 
Brett Lymn
--
Sent from my NetBSD device.

"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"

Follow-Ups:
- Re: IPF rules
  - From: Todd Gruhn

References:
- IPF rules
  - From: Todd Gruhn

Prev by Date: IPF rules
Next by Date: Re: IPF rules
Previous by Thread: IPF rules
Next by Thread: Re: IPF rules
Indexes:

Home | Main Index | Thread Index | Old Index