[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: IP Filters?
From:       Darren Reed <avalon () coombs ! anu ! edu ! au>
Date:       1997-07-04 13:52:30
[Download RAW message or body]

In some mail from Fernando da Silveira Montenegro, sie said:
> 
>  Hello all!
> 
> What seems to be the general consensus on how many filtering rules one can
> configure on a router without imposing a noticeable performance penalty:
> 10? 50? 100?

That's the wrong way to think about it.

If you're even considering performance, then 0 rules is the number to use.

If you're serious about your security, you use as many rules as required to
safely secure your network, irrespective of performance problems (which
should be addressed through other means, such as faster hardware), at your
router.  This might mean you just block spoofing attacks, with your firewall
providing further security for applications, etc.

darren

[prev in list] [next in list] [prev in thread] [next in thread]