Firewall Wizards mailing list archives
Re: Opinion: Worst interface ever.
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 6 Jul 2005 08:46:49 -0400 (EDT)
On Wed, 6 Jul 2005, Darren Reed wrote:
> How do you audit firewall-1 ? Do you ask the kernel module for the rules *it* has loaded or do you just accept what the gui gives you ?
Absent any indication that there's stuff going on that shouldn't be, what the GUI gives out should suffice if you're also testing with live packets.
> Does FW-1 tell you how it optimises rules when it compiles your ruleset ? Or does auditing fw-1 primarily revolve around testing ?
In theory, optimization should impact performance (which is why ordering rules is important)- rejecting the biggest pile of rejects or accepting the largest amount of permitted traffic first should speed things up. If optimization changes behavior, then things get um, "interesting"- which is why knowing what fields optimize over others is crucial, but knowing which addresses take precedence over others is just nice to have.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
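The point about optimization changing behavior, as an added example that is not part of the original message and is not FireWall-1 code: a toy first-match evaluator that replays probe packets against a ruleset and a reordered copy and reports where the verdicts differ. The rule tuple format, the sample rules and the names `decide`, `probes` and `behaviour_diff` are all assumptions made for illustration.

```python
"""Differential test of a first-match ruleset against a reordered copy (toy model)."""
from ipaddress import ip_address, ip_network
from itertools import product

# Constructed sample rules: (action, source net, destination net, dest port or None = any)
ORIGINAL = [
    ("drop",   "10.1.1.0/24", "0.0.0.0/0",     None),
    ("accept", "10.1.0.0/16", "192.0.2.10/32", 80),
    ("accept", "0.0.0.0/0",   "192.0.2.25/32", 25),
]
# Hypothetical "optimized" order: the busiest accept rule moved to the top.
REORDERED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]


def decide(rules, src, dst, dport, default="drop"):
    """First matching rule wins; fall through to the default action."""
    for action, src_net, dst_net, port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port in (None, dport)):
            return action
    return default


def probes(*rulesets):
    """Build test packets from the edges of every network and port the rules mention."""
    srcs, dsts, ports = set(), set(), {1}  # port 1 stands in for "any other port"
    for _, src_net, dst_net, port in (r for rs in rulesets for r in rs):
        for net, bucket in ((src_net, srcs), (dst_net, dsts)):
            n = ip_network(net)
            bucket.update({str(n.network_address), str(n.broadcast_address)})
        if port is not None:
            ports.add(port)
    return sorted(product(srcs, dsts, ports))


def behaviour_diff(a, b):
    """Return (probe, verdict_a, verdict_b) for every probe the two orders disagree on."""
    return [(p, decide(a, *p), decide(b, *p)) for p in probes(a, b)
            if decide(a, *p) != decide(b, *p)]


if __name__ == "__main__":
    for (src, dst, dport), before, after in behaviour_diff(ORIGINAL, REORDERED):
        print(f"{src} -> {dst}:{dport}  before={before}  after={after}")
```

Probes drawn only from rule boundaries catch overlaps between the listed rules; they say nothing about what the enforcement point has actually loaded, which is the separate question raised in the quoted text.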