The stateless benchmark indicates that rule set evaluation is very expensive in comparison to state table lookups. During the initial tests, pf was considerably slower in evaluating rules than IPFilter.The slower performance is explained by the fact that pf used to evaluate the rule set three times for every packet that passes an interface: twice to look for scrub rules which determine whether IP and TCP normalization should be performed and once to look for pass and block rules. Iptables allows the definition of and jumps to chains of rules. As a result, the rule set becomes a tree instead of a linked list. IPFilter permits the definition of rule groups, which are only evaluated when a packet matches a head rule. pf uses skip-steps to automatically skip rules that cannot apply to a specific packet. In summary, iptables perform the best for stateless rules and pf performs the best when using stateful filtering. old enough 我用电子盘,烧录好镜像了,启动之后,出现6个选项,请问,如何选择进行设置,我烧的是1.2版本,网上好多教程说得都是1.11的,都是启动之后出现5个选项的,和现在1.2出现的6个选项内容完全不同,不知道该怎么设置,我想把IP地址直接改成192.168.123.×,因为我局域网是这个网段,好调试,不知道怎么办才可以,请指点,我的QQ 76842750
页:
[1]