> clnsrv "allow " tcp "" 43 "${tcp_nicname_c}" "${tcp_nicname_s}"
> clnsrv "allow " tcp "" 53 "${tcp_domain_c}" "${tcp_domain_s}"
...
> ... on and on up to the 1024 and then a few splattered after that.
looks like the search path can become extremely long!.
> The single largest optimization would probably be a dispatch based on
> source or destination port, the latter being more prevelent.
ok... dispatch on ports is easy to implement, easier than dispatch
on (masked) IP's.
> I can't easily send out the actual IP firewall list, it may expose
> what ever router I grabbed it off of to an attack :-)
understand -- this is why i just asked only about the structure of the
ruleset and the length of the longest search path.
cheers
luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, [EMAIL PROTECTED] . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy)
Mobile +39-347-0373137
-----------------------------------+-------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
