How to: PF Firewall Ruleset Optimization
The OpenBSD Journal has published an excellent PF Firewall Ruleset Optimization tutorial.
From the article:
"This is the first installment in a series of three articles about PF. I originally wrote them as chapters for a book, but then publication was cancelled. Luckily, the rights could be salvaged, and now you get to enjoy them as undeadly.org exclusives."
Firewall Ruleset Optimization topics:
- Goals
- The significance of packet rate
- When pf is the bottleneck
- Filter statefully
- The downside of stateful filtering
- Ruleset evaluation
- Ordering rulesets to maximize skip steps
- Use tables for address lists
- Use quick to abort ruleset evaluation when rules match
- Anchors with conditional evaluation
- Let pfctl do the work for you
- Testing Your Firewall (read)
- Firewall Management (upcoming)
Read more at OpenBSD journal...