At 00:18 15/11/00 -0500, Robert MacDonald wrote:
>You were clear.
>
>Yes, it would be more efficient to only scan 10 rules,
>instead of 20.
A better approach is that of IP filter and Cisco ACLs.
implement many rulesets, but let the admin choose how
to organize the rules into the different sets.
but anyway, the argument against "performance improvements"
is always the same: It is a concern for very few sites. so, the
cost of over-engineering is too high...
>No, CP doesn't have this feature yet, but
>I'm almost positive that they would sell you another copy
>for a second system so you would only have to process
>10 rules instead of 20 ;)
They can do more: unload their filter so that no rule is to be
checked! I am not convinced that your security level would be
worse :) </poor humour cont>
> (poor humor, sorry. Not to mention
>all the crap that comes with trying to get it working right.)
but then you're asking for trouble. the game is to try to make it work,
not make it work right. (ok guys, I'll stop it).
cheers,
mouss