Pfctl optimizer in -current
Contributed by grey on Mon Jul 19 05:02:09 2004 (GMT)
from the henning gets his beer back dept.

Thanks to Foxy for keeping tabs on things and writing in with the following update:

Due to Mike Frantzen's work, pfctl optimizer is official in OpenBSD current sources. The Pfctl optimizer features:

'pfctl -o' ruleset optimizer that doesnt change the meaning of the final ruleset
- remove identical and subsetted rules
- when advantageous merge rules w/ similar addresses into a table and one rule
- re-order rules to improve skip step performance (can do better w/ kernel mods)
- 'pfctl -oo' will load the currently running ruleset and use it as a profile
to direct the optimization of quicked rules

See the complete CVS commit log entry archived here for details.


  Re: Pfctl optimizer in -current
by Frank Denis ( on Mon Jul 19 06:43:45 2004 (GMT)
  Is there any way to run the optimizer when pfctl is called at boot time ?
