On Oct 31, 2009, at 5:13 PM, Stuart Henderson wrote:
> no need for that, we have automatic skip steps, and a ruleset
> optimizer that re-orders where it makes sense.
> see the 3 articles on undeadly about pf for some fundamentals,
> starting here;
> http://undeadly.org/cgi?action=article&sid=20060927091645

Too bad Daniel's book deal fell through; I'd have understood things a
lot better if it'd been at Amazon last week. This explains an awful
lot -- nothing I saw before mentioned the skipping and reordering.
Something somewhere gave me the impression that the pf optimization
was just about adjusting timeouts. I don't have to think at all, do
I? :-)

OTOH, I was pleased to see him write that what I was trying to do (use
anchors as 'subroutines' to skip rules) would have worked, but that it
just isn't necessary. Apparently I can just enter a bunch of rules in
just about any old order and pf / pfctl will figure all that stuff out
for me! (Within reason, I assume...)

And we n00bs are glad to know about undeadly, too...
Thanks, Stuart.
--
Glenn English
g...@slsware.com