No way to say - it only slows things down when you need to go deep into a
filter, since it stops checking at the first match.
I could have 1000 lines, but if the packets never went past the 10th rule
the speed is the same as a 10 line filter. This is why ordering does matter
a GREAT deal. Also, a well-ordered filter can have fewer rules. You may
be able to group multiple permit or deny rules into one block and make it
shorter.
>I know that using, for instance, an outbound ethernet filter is more
>efficient than many inbound serial ones, but then I leave users able to
>telnet to my PMs, and that's a no-no.
Why not use a combination - basic filters on the serial ports to block ports
like telnet, and then in and out filters on the ether to take care of that
side too?
-MZ
-- 
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110
megazone@livingston.com For support requests: support@livingston.com
<http://www.livingston.com/> Snail mail: 4464 Willow Road, Pleasanton, CA 94588
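
The first-match behaviour described in the message above, as an added example that is not part of the original post: a small model that counts how many rules each packet is compared against, for an unordered rule list and for a reordered, grouped one. The rule tuple layout, the addresses (documentation ranges) and the traffic mix are assumptions made for illustration and are not PortMaster filter syntax.

```python
# Constructed model of a first-match packet filter. The rule tuple layout and
# all addresses (documentation ranges) are hypothetical, not PortMaster syntax.
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"

def rule(action, dst, dport, src=ANY):
    return (action, ip_network(src), ip_network(dst), dport)

def evaluate(rules, pkt, default="deny"):
    """Return (verdict, rules_checked); evaluation stops at the first match."""
    src, dst, dport = ip_address(pkt[0]), ip_address(pkt[1]), pkt[2]
    for checked, (action, rsrc, rdst, rport) in enumerate(rules, start=1):
        if src in rsrc and dst in rdst and dport == rport:
            return action, checked
    return default, len(rules)  # fell through every rule

def total_checks(rules, traffic):
    return sum(evaluate(rules, p)[1] for p in traffic)

# Rare traffic first: four per-host telnet denies ahead of the busy web rule.
UNORDERED = [rule("deny", f"192.0.2.{h}/32", 23) for h in range(4)] + [
    rule("permit", "198.51.100.0/24", 25),
    rule("permit", "198.51.100.0/24", 80),
]
# Busiest rule first, and the four /32 denies grouped into one /30 block.
# Safe to reorder here because no two rules match the same packet.
ORDERED = [
    rule("permit", "198.51.100.0/24", 80),
    rule("deny", "192.0.2.0/30", 23),
    rule("permit", "198.51.100.0/24", 25),
]
# Constructed traffic mix: mostly web, one mail delivery, one telnet probe.
TRAFFIC = [("203.0.113.9", "198.51.100.10", 80)] * 8 + [
    ("203.0.113.9", "198.51.100.10", 25),
    ("203.0.113.9", "192.0.2.2", 23),
]

if __name__ == "__main__":
    for name, rules in (("unordered", UNORDERED), ("ordered", ORDERED)):
        print(name, len(rules), "rules,", total_checks(rules, TRAFFIC), "checks")
```

Both lists give every packet the same verdict; only the number of comparisons differs. Reordering a permit ahead of a deny is only equivalent when the two rules cannot match the same packet.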