[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: performance: single ip in table Vs single ip



> Simple question which rule is evaluated faster.
> table <ip0-2> const {192.168.0.2}
> pass in quick on $int_if from <ip0-2> to any
> pass in quick on $int_if from 192.168.0.2 to any
Daniel did some tests several years ago and the break even point was
about six IPs in a table versus six individual rules.  So your table
rule will be 6x as slow.  Unless you're running 10yr old hardware, your
firewall is probably so overpowered that it doesn't matter.
 
.mike