Re: [Fwbuilder-discussion] fwb_ipt compile hangs if rule using long "Address Table" object is inclu
From: snowcrash+fwbuilder <sch...@gm...> - 2006-12-20 21:51:21
hi vadim,

> there is no limit per se, but using very long list of addresses in a
> rule makes compiler expand the rule and analyse every combination of
> addresses between source and destination, plus a combination of that
> with every service. This may lead to a lot of combinations, which
> takes a long time to process. Compiler did not hang, it was going
> over these combinations.

ok, that's clear.

is >20 minutes *not* an unreasonable amount of processing time on a 1GHz PPC? seems like it, but if the # of permutations are large ...

is there a better, or faster, rule structure to use to block all these?

thanks.