Date: Tue, 27 Feb 1996 11:26:34 -0500 From: dennis@etinc.com (dennis) To: hackers@freebsd.org Subject: Re: IPFW - how fast/robust is it ? Message-ID: <199602271626.LAA02961@etinc.com>
next in thread | raw e-mail | index | archive | help
>> Hi there folx, >> >> I'm about to implement some filtering here >> on user servers , namely I want to disallow >> users to provide any TCP services (bind and >> listen on ports above 1024). >> >> They should be able to use ftp in the passive mode, >> so there's no problem there. >> >> So as I understand I can do it via IPFW mechanism. >> The only Q is , since the thing is so deep in the >> kernel , how robust and stable it is ? >> >> How does it affect the networking in the sense of >> speed , etc ? > >I haven't noticed significant performance degradation running a dozen and a >half rules on a busy 386DX/40 (T1 router). Stability is impeccable for most >things (some features I tried under 2.0.5R had some problems, but the basics >are rock solid). The router in question was up over 100 days. > >That's not to say there isn't a performance penalty, I'm just saying I >haven't noticed it if it's there. You won't notice much on a single serial line system...if you're doing local routing and have a lot of rules you will. db
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602271626.LAA02961>