Hi all,

I'm currently planning a complete reorganization, i.e. a rewrite, of a historically grown pf.conf of about 300 rules. Up to now each and every rule uses the "quick" keyword, which effectively turns the "last match" concept of pf into a "first match" one.

Does that make any sense? Of course, as evaluation stops at a matching rule with "quick", one may expect that the average time it takes to decide whether a packet is passed or blocked is significantly lower and therefore overall performance of pf will be better with always using "quick". But is this true? Does this make sense if the CPUs are idling most of the time?

Are there any rules of thumb when to use "quick" and when to avoid it?

Thanks!

Regards,
Christoph

Private Universität Witten/Herdecke gGmbH
Alfred-Herrhausen-Straße 50
D - 58448 Witten
Homepage: http://www.uni-wh.de
Twitter: http://twitter.com/UniWH
Facebook: http://www.facebook.com/UniWH
Management: Prof. Dr. Martin Butzlaff (President), Dipl. oec. Jan Peter Nonnenkamp (Chancellor)
Registered office: Witten
Commercial register of the Amtsgericht Bochum, No. HRB 8671
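
The evaluation semantics asked about above, as an added example that is not part of the original post: a simplified Python model of pf rule evaluation showing that a last-match ruleset and an all-"quick" ruleset only give the same verdicts when the rule order is inverted. Assumptions: the model ignores the state table and the ruleset optimizer, and the rules, addresses and names (`Rule`, `evaluate`, `LAST_MATCH`, and so on) are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    proto: str = "any"
    dst: str = "0.0.0.0/0"
    port: Optional[int] = None
    quick: bool = False

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.port in (None, pkt["port"]))

def evaluate(rules, pkt):
    """Return (verdict, number of deciding rule, rules examined)."""
    verdict, decided_by = "pass", None      # pf passes a packet no rule matches
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            verdict, decided_by = rule.action, n   # a later match overrides
            if rule.quick:                         # "quick" ends evaluation here
                return verdict, decided_by, n
    return verdict, decided_by, len(rules)

# Constructed ruleset, last-match style: general rule first, exceptions after.
LAST_MATCH = [
    Rule("block"),
    Rule("pass", "tcp", "192.0.2.0/24", 443),
    Rule("block", "tcp", "192.0.2.66/32"),
]
# Same policy with "quick": the order has to be inverted, most specific first.
FIRST_MATCH = [
    Rule("block", "tcp", "192.0.2.66/32", quick=True),
    Rule("pass", "tcp", "192.0.2.0/24", 443, quick=True),
    Rule("block", quick=True),
]
# Adding "quick" without reordering: "block quick" on rule 1 decides everything.
NAIVE_QUICK = [replace(r, quick=True) for r in LAST_MATCH]

PACKETS = [  # constructed sample traffic
    {"proto": "tcp", "dst": "192.0.2.10", "port": 443},
    {"proto": "tcp", "dst": "192.0.2.66", "port": 443},
    {"proto": "udp", "dst": "198.51.100.5", "port": 53},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        for name in ("LAST_MATCH", "FIRST_MATCH", "NAIVE_QUICK"):
            print(name, pkt["dst"], evaluate(globals()[name], pkt))
```

The third element of each tuple is the number of rules examined, which is the cost the question is about; the first element shows whether a rewrite between the two styles kept the policy intact.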

