> > I have been very stubborn IPFW user for very long time, but finally gave up > in favor of PF. Nothing like that ever since. I am also not convinced IPFW > is any faster than PF. Hi Daniel, I know that measuring PPS for a firewall is not enought for comparing firewall performance (rfc3511 details lot's of the parameters, but on my small&dirty bench lab with an old server (one core Intel Pentium4 3.00GHz with a dual NIC 82546GB connected to the PCI-X Bus) I've got theses differences (value are in Kpps, small packet size) on FreeBSD 9.1: - forwarding-only: 405 Kpps - IPFW enabled: 320 Kpps - PF enabled: 274 Kpps IPFW was configured with only one line: add 3000 allow ip from any to any And PF with one line too: pass => On this simple test, IPFW is "faster" than PF regarding the forwarding rate. But without "ipfwsync" feature, IPFW is useless for our use case... Regards, OlivierReceived on Mon Apr 15 2013 - 10:44:15 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC