NetBSD-Users archive


Re: IPF rules



I like the point about DNS -- sooo if I accept tcp/53 and udp/53, that
can speed things up?

On Thu, Jul 1, 2021 at 10:03 PM Todd Gruhn <tgruhn2%gmail.com@localhost> wrote:
>
> How would I know if IPF is the problem?
>
> I stole the IPF rules from 2 of the IPF examples in /usr/share/examples/ipf
>
> On Thu, Jul 1, 2021 at 9:39 PM Brett Lymn <blymn%internode.on.net@localhost> wrote:
> >
> > On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote:
> > > Is there a way to order IPF-rules so I can get on gmail quicker?
> > > What about speeding up network access in general?
> >
> > A couple of thoughts:
> >
> > 1) are you sure it is ipf causing the issue? How is gmail without the
> > firewall on?  I wouldn't expect a performance impact from ipf unless
> > your firewalling is very complex.
> >
> > 2) are you sure your rules are correct?  A particularly favourite
> > hobby-horse of mine is people blocking DNS over tcp/53 due to the
> > totally WRONG belief that only dns zone transfers use tcp/53.  This is
> > WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
> > then the DNS server will reply to the client telling it to try over tcp.
> > If your firewall doesn't allow that to happen there may be delays in
> > name resolution which could cause the appearance that gmail is slow.
> >
> > --
> > Brett Lymn
> > --
> > Sent from my NetBSD device.
> >
> > "We are were wolves",
> > "You mean werewolves?",
> > "No we were wolves, now we are something else entirely",
> > "Oh"

