Commit 2d76c486 authored by Ian Matyssik's avatar Ian Matyssik Committed by Franco Fichtner

Add ruleset-optimization for better performance

(cherry picked from commit 8cdd61f0)
parent 8d267506
...@@ -455,6 +455,12 @@ function filter_configure_sync($verbose = false) ...@@ -455,6 +455,12 @@ function filter_configure_sync($verbose = false)
$limitrules .= "set limit table-entries {$config['system']['maximumtableentries']}\n"; $limitrules .= "set limit table-entries {$config['system']['maximumtableentries']}\n";
} }
if (!empty($config['system']['rulesetoptimization'])) {
$limitrules .= "set ruleset-optimization {$config['system']['rulesetoptimization']}\n";
} else {
$limitrules .= "set ruleset-optimization basic\n";
}
if ($config['system']['optimization'] <> "") { if ($config['system']['optimization'] <> "") {
$limitrules .= "set optimization {$config['system']['optimization']}\n"; $limitrules .= "set optimization {$config['system']['optimization']}\n";
if ($config['system']['optimization'] == "conservative") { if ($config['system']['optimization'] == "conservative") {
......
...@@ -44,6 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -44,6 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']); $pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
$pconfig['disablefilter'] = !empty($config['system']['disablefilter']); $pconfig['disablefilter'] = !empty($config['system']['disablefilter']);
$pconfig['optimization'] = isset($config['system']['optimization']) ? $config['system']['optimization'] : "normal"; $pconfig['optimization'] = isset($config['system']['optimization']) ? $config['system']['optimization'] : "normal";
$pconfig['rulesetoptimization'] = isset($config['system']['rulesetoptimization']) ? $config['system']['rulesetoptimization'] : "basic";
$pconfig['maximumstates'] = isset($config['system']['maximumstates']) ? $config['system']['maximumstates'] : null; $pconfig['maximumstates'] = isset($config['system']['maximumstates']) ? $config['system']['maximumstates'] : null;
$pconfig['maximumfrags'] = isset($config['system']['maximumfrags']) ? $config['system']['maximumfrags'] : null; $pconfig['maximumfrags'] = isset($config['system']['maximumfrags']) ? $config['system']['maximumfrags'] : null;
$pconfig['adaptivestart'] = isset($config['system']['adaptivestart']) ? $config['system']['adaptivestart'] : null; $pconfig['adaptivestart'] = isset($config['system']['adaptivestart']) ? $config['system']['adaptivestart'] : null;
...@@ -169,6 +170,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -169,6 +170,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
$config['system']['optimization'] = $pconfig['optimization']; $config['system']['optimization'] = $pconfig['optimization'];
$config['system']['rulesetoptimization'] = $pconfig['rulesetoptimization'];
$config['system']['maximumstates'] = $pconfig['maximumstates']; $config['system']['maximumstates'] = $pconfig['maximumstates'];
$config['system']['maximumfrags'] = $pconfig['maximumfrags']; $config['system']['maximumfrags'] = $pconfig['maximumfrags'];
$config['system']['aliasesresolveinterval'] = $pconfig['aliasesresolveinterval']; $config['system']['aliasesresolveinterval'] = $pconfig['aliasesresolveinterval'];
...@@ -448,6 +450,40 @@ include("head.inc"); ...@@ -448,6 +450,40 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><a id="help_for_rulesetoptimization" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Firewall Rules Optimization");?></td>
<td>
<select onchange="update_description(this.selectedIndex);" name="rulesetoptimization" id="rulesetoptimization" class="selectpicker" data-style="btn-default">
<option value="none"<?=$pconfig['rulesetoptimization']=="none" ? " selected=\"selected\"" : ""; ?>>
<?=gettext("none");?>
</option>
<option value="basic"<?=$pconfig['rulesetoptimization']=="basic" ? " selected=\"selected\"" : ""; ?>>
<?=gettext("basic");?>
</option>
<option value="profile"<?=$pconfig['rulesetoptimization']=="profile" ? " selected=\"selected\"" : ""; ?>>
<?=gettext("profile");?>
</option>
</select>
<div class="hidden" for="help_for_rulesetoptimization">
<?=gettext("Select the type of rules optimization to use");?>
<table class="table table-condensed">
<tr>
<td><strong><?=gettext("none");?></strong></td>
<td><?=gettext("Disable the ruleset optimizer.");?></td>
</tr>
<tr>
<td><strong><?=gettext("basic");?></strong></td>
<td><?=gettext("(default) Basic ruleset optimization does four things to improve the performance of ruleset evaluations: remove duplicate rules; remove rules that are a subset of another rule; combine multiple rules into a table when advantageous; re-order the rules to improve evaluation performance");?></td>
</tr>
<tr>
<td><strong><?=gettext("profile");?></strong></td>
<td><?=gettext("Uses the currently loaded ruleset as a feedback profile to tailor the ordering of quick rules to actual network traffic.");?></td>
</tr>
</table>
<hr/>
</div>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_disablefilter" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disable Firewall");?></td> <td><a id="help_for_disablefilter" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disable Firewall");?></td>
<td> <td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment