by ta20210405
1898 days ago
>The key is “for each packet”, because it’s bucket based it will entirely skip evaluation for packets that do not match.

That is how it works in nftables.

>but I can see how it could be confusing if you’re used to iptables and only think in those terms.

Considering you're misunderstanding some basics about nftables and iptables here, I think you need to look in the mirror.

>I posted the architectural diagrams of both in another comment on this thread yesterday, I think you missed that.

I saw, and it only reinforced the fact that that's how nftables works. Hilariously enough, the OpenBSD webpage crashed and wouldn't load, giving various 500 and 42X errors.

Also, it specifically outlined how more rules slow down pf on FreeBSD, and how poor multicore support is on pf.