PF Tables & pfSense ??
-
Are there any plans to integrate PF tables in pfSense? (see http://www.openbsd.org/faq/pf/tables.html)
For those that aren't familiar with PF's built-in tables feature..
"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses."
I've used this extensively in *BSD – it works well. This would be a big improvement in pfSense, as the UI for massive amounts of block rules (i.e. blacklisting much of AP/AFRNIC) quickly clutters in the firewall rules section -- let alone the perfomance increase that is gained.
-
Something else then "Firewall –> Aliases" ?
-
Something else then "Firewall –> Aliases" ?
Yes, something very different.
Please read the PF documentation, namely the section on PF Tables as I linked above to digest this core feature of PF.
-
If you run
pfctl -vvs Tables
in the Diagnostics…Command Prompt you will see pfSense is using tables. Now having better functionality so you can add your own would be nice. I too come from OBSD...
Aliases is an option, but better table support is the "right" way to do it ;)