Friday, July 24, 2009

firewall-wizards Digest, Vol 39, Issue 8

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Firewall rules order and performance (Marcus J. Ranum)


----------------------------------------------------------------------

Message: 1
Date: Tue, 21 Jul 2009 13:02:17 -0400
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] Firewall rules order and performance
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4A65F499.3050405@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

lordchariot@embarqmail.com wrote:
> the number of already
> established connections in the kernel was the primary factor. You'd plateau
> after a certain point as new connections were trying to allocate the memory.

I never understood why anyone would have a problem with that.
Just pre-allocate a pool and (if you're really into it) marshall
your pools based on the hash function you use to match
the streams so that stream data related to a particular
hash chain tend to be in the same memory pages.

It always seemed to me that a lot of the "system design"
of firewalls was "let's put our head between our knees and
hope Moore's law or marketing takes care of it for us."

mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
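
The layout suggested in the message above, as an added example that is not part of the original post or of any product's code: a connection table reserved once at startup, with one page per hash chain so that entries on the same chain share a memory page. The `struct flow` layout, the 4096-byte page, the 256 chains and the FNV-1a hash are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define POOL_PAGE 4096u            /* assumed page size */
#define NCHAINS   256u             /* assumed number of hash chains */
struct flow {                      /* hypothetical 16-byte table entry */
    uint32_t src, dst;
    uint16_t sport, dport, state;
    uint8_t  proto, in_use;
};
#define PER_CHAIN (POOL_PAGE / sizeof(struct flow))

/* Reserved once, before any traffic: one page-aligned page per hash chain,
 * so a chain's entries share a page and the packet path never allocates. */
static _Alignas(POOL_PAGE) struct flow pool[NCHAINS][PER_CHAIN];

/* FNV-1a over the 5-tuple, folded down to a chain index. */
static uint32_t flow_chain(const struct flow *k)
{
    uint32_t w[4] = { k->src, k->dst, ((uint32_t)k->sport << 16) | k->dport, k->proto };
    uint32_t h = 2166136261u;
    for (unsigned b = 0; b < 128; b += 8)
        h = (h ^ ((w[b / 32] >> (b % 32)) & 0xffu)) * 16777619u;
    return (h ^ (h >> 16)) % NCHAINS;
}

static int same_flow(const struct flow *a, const struct flow *b)
{
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Scan only k's chain page: for k itself (match) or for a free slot. */
static struct flow *scan(const struct flow *k, int match)
{
    struct flow *page = pool[flow_chain(k)];
    for (size_t i = 0; i < PER_CHAIN; i++)
        if (match ? page[i].in_use && same_flow(&page[i], k) : !page[i].in_use)
            return &page[i];
    return NULL;
}
struct flow *flow_lookup(const struct flow *k) { return scan(k, 1); }

/* Returns NULL when the chain's page is full: the caller refuses the new
 * connection rather than allocating memory under load. */
struct flow *flow_insert(const struct flow *k)
{
    struct flow *e = scan(k, 0);
    if (e) { *e = *k; e->in_use = 1; }
    return e;
}
```

With this layout the cost of a new connection is a bounded scan of one page, and table exhaustion shows up as an explicit refusal instead of an allocation stall.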


------------------------------


End of firewall-wizards Digest, Vol 39, Issue 8
***********************************************