HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Performance Guidelines
Rule Configuration
Appendix C
• Consolidate rules whenever possible, so that fewer rules have to be searched for each packet. For example:
pass in quick proto tcp from 15.13.103.72 to any keep limit 80
pass in quick proto tcp from 15.13.103.0-15.13.103.6 to any keep limit 44
pass in quick proto tcp from 15.13.103.7 to any keep limit 33
pass in quick proto tcp from 15.13.103.8 to any keep limit 33
pass in quick proto tcp from 15.13.103.9 to any keep limit 33
pass in quick proto tcp from 15.13.103.10-15.13.103.255 to any keep limit 44
pass in quick proto tcp from 15.13.104.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.105.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.106.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.107.0-15.13.107.78 to any keep limit 44
The preceding ruleset can be condensed to the following three rules. The head rule supplies the default limit (33) for the whole 15.13.103.0-15.13.107.78 range, and the two group rules supply the exceptions: the single host 15.13.103.72 at limit 80, and every source outside 15.13.103.7-15.13.103.9 at limit 44. The order of the group rules matters: 15.13.103.72 also matches the negated range, so the host rule must come first, because both group rules are quick and the first match in the group wins.
pass in quick proto tcp from 15.13.103.0-15.13.107.78 to any keep limit 33 head 1
pass in quick proto tcp from 15.13.103.72 to any keep limit 80 group 1
pass in quick proto tcp from !15.13.103.7-15.13.103.9 to any keep limit 44 group 1
• For keep limit rules, avoid cumulative rules whenever possible. If a large number of connections share the same source IP, destination IP, and destination port, a cumulative rule degrades system performance: a non-cumulative keep limit rule keeps a cache keyed by source IP, destination IP, and destination port, whereas a cumulative rule keeps no such cache.
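Before replacing a long keep limit ruleset with a head/group version like the one above, it is worth proving that every source address still receives the same limit. The following script is an added example, not part of the HP-UX IPFilter guide or the ipf tools: it parses only the subset of ipf.conf syntax used in the consolidation example (pass in quick proto tcp from <src> to any keep limit <n>, optionally followed by head <g> or group <g>, where <src> is a host, an inclusive range a-b, a CIDR block, or any of these negated with !), applies the documented head/group semantics (a packet matching a head rule is tested against that group, the first matching quick group rule wins, and the head rule's own limit applies only when no group rule matches), and sweeps the whole address range comparing the two rulesets. It checks only which limit value is assigned, not the performance difference between the rulesets.

```python
"""Check that a consolidated IPFilter keep-limit ruleset assigns the same limit
as the original to every source address.

Added example; not from the HP-UX IPFilter guide or the ipf tools. Models only
the rule syntax used in the consolidation example and the head/group semantics
described there (first matching quick rule wins; group rules are reached only
through their head rule; the head rule's limit is the fallback).
"""
import ipaddress
import re

RULE_RE = re.compile(
    r"pass\s+in\s+quick\s+proto\s+tcp\s+from\s+(?P<neg>!?)(?P<src>\S+)\s+to\s+any"
    r"\s+keep\s+limit\s+(?P<limit>\d+)(?:\s+(?P<kind>head|group)\s+(?P<grp>\d+))?$"
)

# The ruleset from the guide, one rule per line, and its condensed form.
ORIGINAL = """
pass in quick proto tcp from 15.13.103.72 to any keep limit 80
pass in quick proto tcp from 15.13.103.0-15.13.103.6 to any keep limit 44
pass in quick proto tcp from 15.13.103.7 to any keep limit 33
pass in quick proto tcp from 15.13.103.8 to any keep limit 33
pass in quick proto tcp from 15.13.103.9 to any keep limit 33
pass in quick proto tcp from 15.13.103.10-15.13.103.255 to any keep limit 44
pass in quick proto tcp from 15.13.104.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.105.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.106.0/24 to any keep limit 44
pass in quick proto tcp from 15.13.107.0-15.13.107.78 to any keep limit 44
"""
CONDENSED = """
pass in quick proto tcp from 15.13.103.0-15.13.107.78 to any keep limit 33 head 1
pass in quick proto tcp from 15.13.103.72 to any keep limit 80 group 1
pass in quick proto tcp from !15.13.103.7-15.13.103.9 to any keep limit 44 group 1
"""


def parse_src(spec):
    """Return the inclusive (first, last) integer IPv4 range a source spec covers."""
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))
    net = ipaddress.IPv4Network(spec, strict=False)  # single host or CIDR block
    return int(net.network_address), int(net.broadcast_address)


def parse_rules(text):
    """Parse one rule per non-blank line into dicts; reject anything unsupported."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule: %r" % line)
        lo, hi = parse_src(m["src"])
        rules.append({"neg": m["neg"] == "!", "lo": lo, "hi": hi,
                      "limit": int(m["limit"]),
                      "head": int(m["grp"]) if m["kind"] == "head" else None,
                      "group": int(m["grp"]) if m["kind"] == "group" else None})
    return rules


def src_matches(rule, ip):
    inside = rule["lo"] <= ip <= rule["hi"]
    return not inside if rule["neg"] else inside


def effective_limit(rules, ip):
    """Keep-limit value applied to an inbound TCP packet from integer address ip, or None."""
    for rule in rules:
        if rule["group"] is not None or not src_matches(rule, ip):
            continue  # group members are only reached through their head rule
        if rule["head"] is not None:
            for member in rules:
                if member["group"] == rule["head"] and src_matches(member, ip):
                    return member["limit"]  # first matching quick group rule wins
        return rule["limit"]  # quick: first matching top-level rule wins
    return None


def limit_for(rules_text, ip_str):
    return effective_limit(parse_rules(rules_text), int(ipaddress.IPv4Address(ip_str)))


def find_mismatches(original_text, condensed_text, first, last):
    """List (address, original limit, condensed limit) for every address where they differ."""
    a, b = parse_rules(original_text), parse_rules(condensed_text)
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    out = []
    for ip in range(lo, hi + 1):
        la, lb = effective_limit(a, ip), effective_limit(b, ip)
        if la != lb:
            out.append((str(ipaddress.IPv4Address(ip)), la, lb))
    return out


if __name__ == "__main__":
    # Sweep one address past each end of the consolidated range as well.
    bad = find_mismatches(ORIGINAL, CONDENSED, "15.13.102.255", "15.13.107.79")
    print("equivalent" if not bad else "mismatches: %r" % bad[:10])
```

Swapping the two group rules is the easiest mistake to make when writing the condensed form; the sweep catches it immediately, reporting 15.13.103.72 as receiving limit 44 instead of 80, because the negated range rule is quick and now matches that host first.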