PGNd
2014-Aug-11 17:02 UTC
Firewall optimization -- tweak as-written rules and/or depend on OPTIMIZE= ?
Given the simple /rules example

    #ACTION  SOURCE  DEST  PROTO  DEST
    #                             PORT
    ACCEPT   net     $FW   tcp    1234
    ACCEPT   net     $FW   udp    5678

Is there additional/further Shorewall 'shorthand' that should 'better' consolidate? Something equivalent to,

    ACCEPT   net     $FW   tcp:1234,udp:5678

perhaps?

My understanding suggests that it may not be worth worrying about, as the written rules might only affect COMPILE time. The RUNTIME performance of the firewall would be dictated by the OPTIMIZE level. In my case I've set it in shorewall.conf to

    OPTIMIZE=All

How dependent is runtime performance on config file 'style'? Just ignore it, and depend on the OPTIMIZEr to do its best?