I noticed that the demo router’s virus list differs from the example list in the wiki (http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter).
There are some duplicates between the two, which made me wonder if it’s less or more processor intensive to process a single chain of viruses than multiple chains with fewer entries, or if it makes that much difference.
Either way shouldn’t really make a difference at all. Mainly a personal preference for organizing rules. It’s going to try each rule until it gets a hit either way. Of course, you really don’t want the same traffic hitting duplicate rules though.
each jump rule adds some overhead, since packet has to be moved from one chain to another. But you have to take into account that if it is used wisely, that can reduce number of rules that some packets has to pass, thus reducing the load.
You would need a HUGE amount of jumps to add up to anything significant.
It’s so easy to get a jumbled mess of rules, anything you do to keep them organized helps.
I wish there was some sort of program to help diagram large numbers of rules easily for network planning. Does anyone know of any such product???