This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet Filter Configuration/Performance

Is there a preferred way to setup packet filters, or one way that is faster/lighter load on the Astaro320?

Example: I have a group called Servers, which have an outbound packet filter that allows http/s to any.
I also have specific servers that are not in the group. I have a packet filter for each of them configured the exact same as the group above.

My question is which method performs better, single packet filter for a group with many members (40-50) or individual packet filters for each?
OR
Does it really matter?

Thanks

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 14 years ago

The firewall/packet filter processes visible rule in numerical order and stops processing when a rule matches, so it is more efficient to place rules that will match most often higher in the list (Lower number. e.g. rule #1 will be processed first, then rule #2, etc.).
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 14 years ago

The firewall/packet filter processes visible rule in numerical order and stops processing when a rule matches, so it is more efficient to place rules that will match most often higher in the list (Lower number. e.g. rule #1 will be processed first, then rule #2, etc.).
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data