• Auli@lemmy.ca
    13 days ago

    They’re not checked against every rule. First pass it stops.

    • schizo@forum.uncomfortable.business
      13 days ago

      Yeah, maybe could have been clearer.

      I was very vividly remembering a VERY SMART client I had a while ago that had like 600 rules blocking all manner of ports and protocols and IPs, and wondering why everything performed like dogshit.

      Sure, it’ll go until it hits the first match, but if you have enough rules, you’re going to be churning through an awful lot of CPU getting everything to the first match.

      OP may not have been intending to do something quite that, uh, special, but people do funky things.