You *may* see a little performance gain from putting most-
frequently-matched rules first.

  You may be able to minimize the number of rules by putting specific 
exceptions (longer subnet masks) first, allowing more general rules 
to be aggregated.

David Gillett


On 6 Jul 2001, at 15:51, [EMAIL PROTECTED] wrote:

> Rule order matters. It shortcuts to the first match, and stops going
> through the list at that point. According to Cisco, there is no limit on
> the number of rules, but of course reality will tell us something
> different.
> 
> If you don't have tons and tons of rules, then there probably won't be any
> noticeable difference, but I would place the rules that will match most
> often at the top, which will help performance.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
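
The first-match behaviour and the "specific exceptions first" ordering discussed in this thread, as an added example that is not part of the original messages: a small Python model of source-address rule evaluation, plus a check for rules that can never match because an earlier, broader rule shadows them. The rule lists, addresses and function names are constructed for illustration and are not Cisco syntax.

```python
import ipaddress

# Constructed sample rule list: (action, source network).
ACL_GOOD = [
    ("deny",   "10.1.2.0/24"),   # specific exception (longer mask) first
    ("permit", "10.1.0.0/16"),   # general rule covers the rest of the range
    ("deny",   "0.0.0.0/0"),     # catch-all written out explicitly
]
# Same three rules, with the exception placed after the general rule.
ACL_BAD = [ACL_GOOD[1], ACL_GOOD[0], ACL_GOOD[2]]


def parse(acl):
    """Turn (action, "a.b.c.d/len") pairs into (action, network) pairs."""
    return [(action, ipaddress.ip_network(net)) for action, net in acl]


def evaluate(acl, src):
    """First-match evaluation: return (action, number of rules examined)."""
    addr = ipaddress.ip_address(src)
    for position, (action, net) in enumerate(parse(acl), start=1):
        if addr in net:
            return action, position   # stop at the first matching rule
    return "deny", len(acl)           # nothing matched: default deny


def shadowed(acl):
    """Return indexes of rules whose whole source range is already
    covered by an earlier rule, so they can never be the first match."""
    rules = parse(acl)
    hits = []
    for i, (_, net) in enumerate(rules):
        if any(net.subnet_of(prev) for _, prev in rules[:i]):
            hits.append(i)
    return hits


if __name__ == "__main__":
    for name, acl in (("good", ACL_GOOD), ("bad", ACL_BAD)):
        print(name, evaluate(acl, "10.1.2.5"), "shadowed:", shadowed(acl))
```

With the exception first, 10.1.2.5 is denied; with the order swapped, the /16 permit matches first and the /24 deny is reported as shadowed.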
