author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-07 02:10:12 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-07 02:10:12 +0000 |
commit | be58a5d1076d0d15b07ce40f1b5c7a98c1d89257 (patch) | |
tree | 74b880fdd26cbd96963b81a221c76965bd0438f9 /etc | |
parent | 3d8e2f77a1fa53fe5823575657e3d5e090b5dc81 (diff) | |
Use -o when loading the pf ruleset. From the pfctl man page:
-o Enable the ruleset optimizer. The ruleset optimizer attempts to
improve rulesets by removing rule duplication and making better
use of rule ordering. Specifically, it does four things:
1. remove duplicate rules
2. remove rules that are a subset of another rule
3. combine multiple rules into a table when advantageous
4. re-order the rules to improve evaluation performance
A second -o may be specified to use the currently loaded ruleset
as a feedback profile to tailor the optimization of the quick
rules to the actual network behavior.
It is important to note that the ruleset optimizer will modify
the ruleset to improve performance. A side effect of the ruleset
modification is that per-rule accounting statistics will have
different meanings than before.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 5028d60..8d657cf 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -203,7 +203,7 @@ function filter_configure_sync() { $mt = microtime(); echo "pfctl being called at $mt\n"; } - $rules_loading = mwexec("/sbin/pfctl -f {$g['tmp_path']}/rules.debug"); + $rules_loading = mwexec("/sbin/pfctl -o -f {$g['tmp_path']}/rules.debug"); if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "pfctl done at $mt\n"; |
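Review bot: The -o flag is hard-coded into the mwexec() call in filter_configure_sync(), so the optimizer runs on every ruleset load with no way to switch it off. The man page text quoted in the commit message says the optimizer removes, merges and re-orders rules and that per-rule accounting statistics change meaning, so the loaded ruleset no longer corresponds rule for rule to rules.debug and anything that reads per-rule counters will see different results. Consider gating the flag behind a config setting, tested with isset() the way $config['system']['developerspew'] is in the surrounding lines, and add a comment at the call noting the side effect on per-rule statistics.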