The OpenBSD Journal has published an excellent tutorial on PF firewall ruleset optimization.
From the article:
"This is the first installment in a series of three articles about PF. I originally wrote them as chapters for a book, but then publication was cancelled. Luckily, the rights could be salvaged, and now you get to enjoy them as undeadly.org exclusives."
Firewall Ruleset Optimization topics:
- Goals
- The significance of packet rate
- When pf is the bottleneck
- Filter statefully
- The downside of stateful filtering
- Ruleset evaluation
- Ordering rulesets to maximize skip steps
- Use tables for address lists
- Use quick to abort ruleset evaluation when rules match
- Anchors with conditional evaluation
- Let pfctl do the work for you
- Testing Your Firewall (read)
- Firewall Management (upcoming)
Read more at OpenBSD journal...
- Last Updated: Sep/28/2006
