I like the point about DNS -- sooo if I accept tcp/53 and udp/53, that can speed things up?
On Thu, Jul 1, 2021 at 10:03 PM Todd Gruhn <tgru...@gmail.com> wrote: > > How would I know if IPF is the problem? > > I stole the IPF rules from 2 of the IPF examples in /usr/share/examples/ipf > > On Thu, Jul 1, 2021 at 9:39 PM Brett Lymn <bl...@internode.on.net> wrote: > > > > On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote: > > > Is there a way to order IPF-rules so I can get on gmail quicker? > > > What about speeding up network access in general? > > > > A couple of thoughts: > > > > 1) are you sure it is ipf causing the issue? How is gmail without the > > firewall on? I wouldn't expect a performance impact from ipf unless > > your firewalling is very complex. > > > > 2) are you sure your rules are correct? A particularly favourite > > hobby-horse of mine is people blocking DNS over tcp/53 due to the > > totally WRONG belief that only dns zone transfers use tcp/53. This is > > WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet > > then the DNS server will reply to the client telling it to try over tcp. > > If your firewall doesn't allow that to happen there may be delays in > > name resolution which could cause the appearance that gmail is slow. > > > > -- > > Brett Lymn > > -- > > Sent from my NetBSD device. > > > > "We are were wolves", > > "You mean werewolves?", > > "No we were wolves, now we are something else entirely", > > "Oh"