OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Pfctl optimizer in -current
Contributed by grey on Mon Jul 19 05:02:09 2004 (GMT)
from the henning gets his beer back dept.

Thanks to Foxy for keeping tabs on things and writing in with the following update:

Due to Mike Frantzen's work, pfctl optimizer is official in OpenBSD current sources. The Pfctl optimizer features:

'pfctl -o' ruleset optimizer that doesnt change the meaning of the final ruleset
- remove identical and subsetted rules
- when advantageous merge rules w/ similar addresses into a table and one rule
- re-order rules to improve skip step performance (can do better w/ kernel mods)
- 'pfctl -oo' will load the currently running ruleset and use it as a profile
to direct the optimization of quicked rules

See the complete CVS commit log entry archived here for details.


<< OpenNTPd, portable ntpd version & website. | Reply | Flattened | Expanded | Next generation 'Fire & Forget' distributed project disk images >>

Threshold: Help

Related Links
more by grey

  Re: Pfctl optimizer in -current (mod 7/21)
by Frank Denis ( on Mon Jul 19 06:43:45 2004 (GMT)
  Is there any way to run the optimizer when pfctl is called at boot time ?
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]