PF ruleset optimalization part: 1

This is the first installment in a series of three articles about PF. I originally wrote them as chapters for a book, but then publication was cancelled. Luckily, the rights could be salvaged, and now you get to enjoy them as undeadly.org exclusives. In celebration of the upcoming OpenBSD 4.0 release. ;)

• Firewall Ruleset Optimization o Goals o The significance of packet rate o When pf is the bottleneck o Filter statefully o The downside of stateful filtering o Ruleset evaluation o Ordering rulesets to maximize skip steps o Use tables for address lists o Use quick to abort ruleset evaluation when rules match o Anchors with conditional evaluation o Let pfctl do the work for you
• Testing Your Firewall (read)
• Firewall Management (read)

Posted by Administrator on Sunday, October 29, 2006

Archives By Month

• September 2008
• March 2008
• January 2008
• November 2007
• September 2007
• August 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006

Categories:

• FreeBSD
• Linux
• OpenBSD
• Programming
• Solaris
• Windows
• Internet
• VoIP
• All

Recent Entries

• Ubuntu Performance Tuning
• Internet: Javascript Techniques
• Programming: Regular Expressions tips and tricks
• Internet: Tuning Apache for Maximum Performance
• Headless Compaq desktop (boot without a keyboard attached)
• Install FreeBSD 7.0 on a ZFS partition
• Rotating Rails Log Files
• Network cloning a FreeBSD system
• Internet: IPV6 and Thomson Speedtouch 500 series
• Howto enable compiz-fusion in Ubuntu Feisty

Archives…

Syndicate

Articles RSS Feed