ipfilter(4) needs maintainer
Olivier Cochard-Labbé
olivier at cochard.me
Mon Apr 15 12:44:15 UTC 2013
>
> I have been very stubborn IPFW user for very long time, but finally gave up
> in favor of PF. Nothing like that ever since. I am also not convinced IPFW
> is any faster than PF.
Hi Daniel,
I know that measuring PPS for a firewall is not enought for comparing
firewall performance (rfc3511 details lot's of the parameters, but on
my small&dirty bench lab with an old server
(one core Intel Pentium4 3.00GHz with a dual NIC 82546GB connected to
the PCI-X Bus) I've got theses differences (value are in Kpps, small
packet size) on FreeBSD 9.1:
- forwarding-only: 405 Kpps
- IPFW enabled: 320 Kpps
- PF enabled: 274 Kpps
IPFW was configured with only one line: add 3000 allow ip from any to any
And PF with one line too: pass
=> On this simple test, IPFW is "faster" than PF regarding the forwarding rate.
But without "ipfwsync" feature, IPFW is useless for our use case...
Regards,
Olivier
More information about the freebsd-current
mailing list