[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Skipping interfaces in pf [was: pf filtering on loopback?]
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Skipping interfaces in pf [was: pf filtering on loopback?]
- From: Max Laier <max_(_at_)_love2party_(_dot_)_net>
- Date: Mon, 20 Dec 2004 01:14:29 +0100
[ Sorry to bother you again ]
On Tuesday 14 December 2004 19:31, I wrote:
> in an earlier thread Daniel suggested that it might be a good idea to skip
> pf processing on lo0:
> http://www.monkey.org/openbsd/archive/tech/0407/msg00061.html
>
> Another thread on freebsd-net:
> http://lists.freebsd.org/pipermail/freebsd-net/2004-December/005906.html
> is discussing the possible overhead with filtering interfaces that do not
> transport any IP-level data or in setups with huge LAN pipes that you don't
> want to filter on.
>
> As a solution I'd like to propose a new option "skip on <interface>" that
> disables filtering on the listed interface(s). I realize this as a flag in
> the already existing pf internal interface list. See attachment. The cost
> is a simple compare and the gain should be obvious.
<cut some blabla and a not so clever idea how to mess it up>
> I am open to changes regarding syntax and implementation, but think that
> the idea itself is good.
>
> Comments?
There have been some, but none suggested that it is a stupid idea. Daniel even
stated support (if I understand correctly?). Is there anything going on or
has this just been forgotten about?
I'd really like to see it happening.
--
/"\ Best regards, | mlaier_(_at_)_freebsd_(_dot_)_org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier_(_at_)_EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
Visit your host, monkey.org