NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPF rules

How would I know if IPF is the problem?

I stole the IPF rules from 2 of the IPF examples in /usr/share/examples/ipf

On Thu, Jul 1, 2021 at 9:39 PM Brett Lymn <> wrote:
> On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote:
> > Is there a way to order IPF-rules so I can get on gmail quicker?
> > What about speeding up network access in general?
> A couple of thoughts:
> 1) are you sure it is ipf causing the issue? How is gmail without the
> firewall on?  I wouldn't expect a performance impact from ipf unless
> your firewalling is very complex.
> 2) are you sure your rules are correct?  A particularly favourite
> hobby-horse of mine is people  blocking DNS over tcp/53 due to the
> totally WRONG belief that only dns zone transfers use tcp/53.  This is
> WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
> then the DNS server will reply to the client telling it to try over tcp.
> If your firewall doesn't allow that to happen there may be delays in
> name resolution which could cause the appearance that gmail is slow.
> --
> Brett Lymn
> --
> Sent from my NetBSD device.
> "We are were wolves",
> "You mean werewolves?",
> "No we were wolves, now we are something else entirely",
> "Oh"

Home | Main Index | Thread Index | Old Index