Hi, just a quick question.
Recently I upgraded to HAP AC2, and I see now all default rules use interface lists LAN and WAN.
Would I get worse performance if I changed my working config to interface lists instead of specific interfaces?
I remember reading somewhere that address lists would slow down rule processing if used abundantly, is that a thing with interface lists too?
I have 3 WANs, so the general choice would be between making one firewall/nat rule for interface list or making 3 rules for each interface (masquerade, dstnat, etc.).
Though I think that even if there is a performance hit it would be very negligible with a quad-core CPU, just interested in ‘best practices’ I guess.
The lists make our lives easier: with 3 WAN links, and lists, you don’t have to change/create 3 rules - one for each interface. You just create a rule to a list. Much easier than dealing with 3 of them.
I don’t think that it will have a measurable impact on performance. The address lists can - but we would be talking about thousands of addresses. With just… 10? 20? interfaces? Give me lists all the way.
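The two forms compared in this thread, as an added RouterOS example that is not part of the original posts. The interface names ether1 to ether3, the forwarded port and the 192.168.88.10 target are assumptions made up for illustration.

```routeros
# Assumed: the three WAN uplinks are ether1, ether2 and ether3.
# Use ONE of the two forms below, not both.

# --- Form A: per-interface rules (three copies of every rule) ---
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1 comment="masq WAN1"
add chain=srcnat action=masquerade out-interface=ether2 comment="masq WAN2"
add chain=srcnat action=masquerade out-interface=ether3 comment="masq WAN3"

# --- Form B: interface list (one rule, membership kept in one place) ---
/interface list
# Skip this line if the default configuration already created the WAN list.
add name=WAN
/interface list member
add list=WAN interface=ether1
add list=WAN interface=ether2
add list=WAN interface=ether3

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN comment="masq all WANs"
# Constructed dstnat example: the same list works for inbound matching.
add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp dst-port=443 \
    to-addresses=192.168.88.10 to-ports=443 comment="https to internal host"

# Check which interfaces each rule now covers.
/interface list member print where list=WAN
```

With the list form, adding or replacing an uplink only changes the list membership, so no firewall or NAT rule is left behind still pointing at an old interface.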
Thanks for the replies!
In practical tests I see this new CPU is so much more powerful than my previous one (RB751G). My previous router was struggling (>90% CPU) with just 1.5 mbytes/sec traffic over OpenVPN, while ac^2 goes up to 11 mbytes/s and is still at 10-11% CPU utilization.
I definitely won’t notice any slowdowns from using any lists…