Hi guys.
Let's say I have got 3 VLANs - vlan10, vlan20, vlan30 - and 300 fw rules, 100 per VLAN, based on accepting connections to dst.address lists vlan10, vlan20, vlan30.
Some packets have to be processed through all 300 rules in this scenario.
And now I'm thinking about adding jump rules into my config:
1) if dst.address list is vlan10, jump to chain "IntoVlan10",
2) group vlan10 rules into chain "IntoVlan10",
3) add a drop rule at the bottom of this chain,
4) do the same for the other VLANs.
In this scenario some packets have to be processed through 100 rules + jump rules.
Let's not discuss other rules and focus only on the example for now.
Am I thinking properly? Is this a good direction, and should it improve router performance?
Statistics: Posted by McGremlin — Tue Jan 16, 2024 10:07 pm
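As an added example (not from the original post), here is how the four steps described above look as a RouterOS `/ip firewall filter` configuration. The address-list names vlan10/vlan20/vlan30 and the chain names IntoVlan10/IntoVlan20/IntoVlan30 come from the post; the subnets, hosts, ports and the `admins` address list are constructed placeholders.

```routeros
# Added example, not the poster's configuration. Subnets, hosts, ports and the
# "admins" list are constructed placeholders; only the list/chain names are from the post.
/ip firewall address-list
add list=vlan10 address=10.0.10.0/24 comment="constructed example subnet"
add list=vlan20 address=10.0.20.0/24 comment="constructed example subnet"
add list=vlan30 address=10.0.30.0/24 comment="constructed example subnet"

/ip firewall filter
# Fast path first: packets of already-tracked connections never enter the
# per-VLAN chains, so only the first packet of each new connection walks them.
add chain=forward connection-state=established,related action=accept comment="fast path"
add chain=forward connection-state=invalid action=drop comment="drop invalid"

# Step 1: dispatch by destination list. A vlan30 packet still evaluates the two
# jumps above its own, but that is 2 rules instead of 200.
add chain=forward dst-address-list=vlan10 action=jump jump-target=IntoVlan10
add chain=forward dst-address-list=vlan20 action=jump jump-target=IntoVlan20
add chain=forward dst-address-list=vlan30 action=jump jump-target=IntoVlan30
# A destination in none of the lists must still get a verdict here.
add chain=forward action=drop log=yes log-prefix="fwd-default-drop" comment="default deny"

# Step 2: the rules that used to sit in chain=forward for vlan10, now in their own chain.
add chain=IntoVlan10 protocol=tcp dst-address=10.0.10.5 dst-port=443 action=accept comment="web"
add chain=IntoVlan10 protocol=tcp dst-address=10.0.10.5 dst-port=22 src-address-list=admins action=accept comment="ssh from admins"
# Step 3: explicit drop at the bottom. Without it an unmatched packet returns to
# chain=forward and continues with the rules after the jump, which is rarely what is meant.
add chain=IntoVlan10 action=drop log=yes log-prefix="vlan10-drop" comment="end of IntoVlan10"

# Step 4: the same shape for the other VLANs.
add chain=IntoVlan20 protocol=udp dst-address=10.0.20.53 dst-port=53 action=accept comment="dns"
add chain=IntoVlan20 action=drop log=yes log-prefix="vlan20-drop" comment="end of IntoVlan20"

add chain=IntoVlan30 protocol=tcp dst-address=10.0.30.9 dst-port=445 src-address-list=vlan10 action=accept comment="smb from vlan10"
add chain=IntoVlan30 action=drop log=yes log-prefix="vlan30-drop" comment="end of IntoVlan30"
```

Two points a practitioner would check after applying this: first, `/ip firewall filter print stats` shows per-rule packet counters, so you can confirm that the `established,related` rule absorbs most traffic and that each `IntoVlanNN` drop counter stays near zero except for traffic you actually expect to block; second, the `log=yes` on the terminal drops is what turns "the chain fell through" into something visible in `/log print`, which is the main operational benefit of having an explicit drop rather than relying on an implicit return to the parent chain.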