Re: NPF tuning

To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Subject: Re: NPF tuning
From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
Date: Mon, 16 Jan 2017 08:12:33 +0100

On Sun, 15 Jan 2017 23:19:34 +0100, Manuel Bouyer wrote:
> 240 is still not that much. I used to have more than 2000 rules with
> ipf (before we replaced this box with a cisco).

It is even worse because npf has many restrictions compared to {i,}pf 
that lead to rule duplication.

hauke

-- 
Hauke Fath                        <hauke%Espresso.Rhein-Neckar.DE@localhost>
Ernst-Ludwig-Straße 15
64625 Bensheim
Germany

Follow-Ups:
- Re: NPF tuning
  - From: Mindaugas Rasiukevicius

References:
- NPF tuning
  - From: Egerváry Gergely
- Re: NPF tuning
  - From: Mindaugas Rasiukevicius
- Re: NPF tuning
  - From: Egerváry Gergely
- Re: NPF tuning
  - From: Manuel Bouyer

Prev by Date: Re: "npfctl validate" error non-message
Next by Date: allocation policy of PACKET_TAG_* values
Previous by Thread: Re: NPF tuning
Next by Thread: Re: NPF tuning
Indexes:

Home | Main Index | Thread Index | Old Index