>I could have 1000 lines, but if the packets never went past the 10th rule
>the speed is the same as a 10 line filter. This is why ordering does matter
>a GREAT deal. Also, a well ordered filter can have fewer rules. You may
>be able to group multiple permit or deny rules into one block and make it
>shorter.
Is there a way to see how many packets are being handled by each rule
(similar to Cisco "show access-list x"), so I can play with the ordering
based on actual data? If not, what does it take to make it an RFE? :-)
>Why not use a combination - basic filters on the serial ports to block ports
>like telnet, and then in and out filters on the ether to take care of that
>side too?
Hmmm. Good idea. Thanks!
>-MZ
Regards,
Fernando
--
Fernando da Silveira Montenegro
Nutec Informatica
System/Network Administrator
Sao Paulo, SP, BRAZIL
mailto:montenegro@nutec.com.br
http://www.nutecnet.com.br
voice.:+55-11-5505-5728
#include <disclaimer.h>
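An added example, not part of the original message: a first-match filter replayed offline over sample traffic to get per-rule hit counts, then reordered by those counts without letting a rule jump ahead of an earlier rule it conflicts with. The rule tuples, packet tuples and the implicit default deny are constructed assumptions and do not reproduce any router's filter syntax.

```python
# Constructed rules: (action, protocol, destination port); None means "any".
RULES = [
    ("deny", "tcp", 23),      # telnet
    ("permit", "tcp", 25),
    ("permit", "udp", 53),
    ("permit", "tcp", 80),
    ("deny", None, None),     # catch-all
]
# Constructed traffic sample: (protocol, destination port).
PACKETS = [("tcp", 80)] * 6 + [("udp", 53)] * 3 + [("tcp", 23), ("tcp", 6000)]

def matches(rule, pkt):
    _, proto, port = rule
    return proto in (None, pkt[0]) and port in (None, pkt[1])

def evaluate(rules, packets):
    """First-match evaluation: per-rule hits, total comparisons, verdicts."""
    hits, comparisons, verdicts = [0] * len(rules), 0, []
    for pkt in packets:
        verdict = "deny"                  # assumed implicit default
        for i, rule in enumerate(rules):
            comparisons += 1
            if matches(rule, pkt):
                hits[i] += 1
                verdict = rule[0]
                break                     # later rules are never consulted
        verdicts.append(verdict)
    return hits, comparisons, verdicts

def conflicts(a, b):
    """True if some packet can match both rules and their actions differ."""
    def overlap(x, y):
        return x is None or y is None or x == y
    return a[0] != b[0] and overlap(a[1], b[1]) and overlap(a[2], b[2])

def reorder(rules, hits):
    """Move busy rules up, never past an earlier rule they conflict with."""
    remaining, ordered = list(range(len(rules))), []
    while remaining:
        free = [i for i in remaining
                if not any(conflicts(rules[j], rules[i])
                           for j in remaining if j < i)]
        best = max(free, key=lambda i: (hits[i], -i))
        ordered.append(rules[best])
        remaining.remove(best)
    return ordered
```

On this sample the original order costs 39 rule comparisons and the reordered list 20, with identical verdicts for every packet.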