On Thu, Jul 08, 2004 at 06:28:49PM +0100, Antony Stone wrote:
> On Thursday 08 July 2004 6:10 pm, Erik Wikström wrote:
>
> I would turn the question around to you: why do you think it is better to have
> the rules arranged into different chains as you have suggested? Do you
> think that is easier to understand? (If you *do* find it easier to
> understand, then go ahead and do it, don't do what *I* find easy to work
> with.)

My thought was that by sorting the packets by type at first and then making
a more thorough filtering I would avoid the overhead of having, for
example, a UDP packet go through a lot of rules concerning TCP packets.
But, as you say, it leads to a quite complicated structure, but since the
firewall is quite old (75MHz) and a lot of P2P traffic is passing through
I thought that it might have some value.

-- 
Erik Wikström
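
The layout discussed in this message, as an added example that is not part of the original post or of either author's ruleset: a shell function that emits an iptables-restore ruleset in which the FORWARD chain only dispatches by protocol, so a UDP packet is never compared against the TCP rules. The chain names (fwd_tcp, fwd_udp, fwd_icmp), the helper names and the port lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-protocol dispatch chains for forwarded traffic.
# Chain names and port lists are hypothetical, not taken from the thread.

# gen_ruleset "<tcp ports>" "<udp ports>" -> ruleset in iptables-restore format
gen_ruleset() {
    tcp_ports=$1   # space-separated TCP destination ports to allow
    udp_ports=$2   # space-separated UDP destination ports to allow

    # Built-in chains default to DROP; FORWARD holds only the
    # connection-tracking shortcut and one jump per protocol.
    # Add your own management-access rule to INPUT before loading.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fwd_tcp - [0:0]
:fwd_udp - [0:0]
:fwd_icmp - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -j fwd_tcp
-A FORWARD -p udp -j fwd_udp
-A FORWARD -p icmp -j fwd_icmp
EOF
    # Protocol-specific rules live only in their own chain.
    for p in $tcp_ports; do
        echo "-A fwd_tcp -p tcp --dport $p -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A fwd_udp -p udp --dport $p -j ACCEPT"
    done
    echo "-A fwd_icmp -p icmp --icmp-type echo-request -j ACCEPT"
    echo "COMMIT"
}

# chain_len "<tcp ports>" "<udp ports>" <chain> -> number of rules in <chain>
chain_len() {
    gen_ruleset "$1" "$2" | grep -c -- "^-A $3 "
}

# Syntax-check without committing (needs root on a real system):
#   gen_ruleset "22 80 443" "53 123" | iptables-restore --test
```

With these sample ports a new UDP packet is checked against at most the four FORWARD rules plus the two fwd_udp rules, however long fwd_tcp grows; packets that match no rule in their chain return to FORWARD and hit its DROP policy.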