I would like to know about internal efficiency when using interface lists in firewall rules. For example, if I need to match packets between multiple interfaces in all directions, what would be more efficient for the CPU?
Using interface lists
/interface list
add name=testlist
/interface list member
add interface=vlan101 list=testlist
add interface=vlan102 list=testlist
/ip firewall mangle
add action=mark-packet chain=forward in-interface-list=testlist new-packet-mark=intervlan out-interface-list=testlist passthrough=yes
Using individual rules
/ip firewall mangle
add action=mark-packet chain=forward in-interface=vlan101 new-packet-mark=intervlan out-interface=vlan102 passthrough=yes
add action=mark-packet chain=forward in-interface=vlan102 new-packet-mark=intervlan out-interface=vlan101 passthrough=yes
This is an example with only two interfaces. The more interfaces are part of this configuration, the more rules would be needed. Lists are definitely easier from a usability point of view, but I'm curious if it's also more efficient. On the other hand, if internally expanding the lists results in more rules, it could potentially be slower. Technically speaking, this example with two interfaces has the possibility of four variations: vlan101 => vlan101, vlan101 => vlan102, vlan102 => vlan102, vlan102 => vlan101.
This is more of an academic question, although with a large number of interfaces it could get practical meaning.
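An added example, not part of the original post and not MikroTik code: a Python sketch that expands an interface list into the per-pair rules shown in the post and compares which (in, out) pairs each form covers. It assumes the list rule matches every combination of member interfaces, as the post describes; the function names are hypothetical, and it says nothing about how RouterOS evaluates lists internally.

```python
from itertools import product


def list_rule_pairs(members):
    """(in, out) pairs covered by ONE rule that uses the same list for
    in-interface-list and out-interface-list (assumption: every ordered
    combination of members, including in == out)."""
    return set(product(members, repeat=2))


def individual_rule_pairs(members):
    """(in, out) pairs covered by per-pair rules as written in the post:
    only ordered pairs of distinct interfaces."""
    return {(i, o) for i, o in product(members, repeat=2) if i != o}


def individual_rules(members, mark="intervlan"):
    """RouterOS mangle lines, one per ordered pair of distinct interfaces,
    using only the parameters that appear in the post."""
    return [
        "add action=mark-packet chain=forward "
        f"in-interface={i} new-packet-mark={mark} "
        f"out-interface={o} passthrough=yes"
        for i, o in product(members, repeat=2)
        if i != o
    ]


def compare(members):
    """Rule counts for both forms, plus the pairs only the list form marks."""
    lp = list_rule_pairs(members)
    ip = individual_rule_pairs(members)
    return {
        "list_rules": 1,
        "individual_rules": len(ip),      # n * (n - 1)
        "only_list": sorted(lp - ip),     # same-interface pairs
    }


if __name__ == "__main__":
    # Constructed sample: the two VLANs from the post plus three more.
    vlans = [f"vlan{n}" for n in range(101, 106)]
    print("/ip firewall mangle")
    print("\n".join(individual_rules(vlans)))
    print(compare(vlans))
```

The per-pair form grows as n * (n - 1) rules, and the two forms are not equivalent: only the list rule marks traffic that enters and leaves on the same member interface.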