Date: Thu, 25 Jul 2002 16:43:05 -0400 (EDT)
From: Kenneth Culver <culverk@yumyumyum.org>
To: James West <zerowren@msn.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT with Three NICs
Message-ID: <20020725163849.J13432-100000@alpha.yumyumyum.org>
In-Reply-To: <F25qQkHqJmvnfaAdNwA000253f6@hotmail.com>
> Now, this is another question I've had:
>
> what's the advantage of the ipfilter package over natd/ipfw?
>
> James
>

Well, it's mostly personal preference from what I can tell... I like it
because its rules are easier to read, and it has a lot of nice monitoring
tools that allow you to monitor the firewall state in real time. Not to
mention that the whole thing, nat and firewall, is in the kernel. With
ipfw and natd, packets have to be passed in and out of userland, causing
context switches... This doesn't really cause a big performance issue for
most people though, I've only seen problems on HUGE configurations.

So basically (my opinion): ipfilter is easier to configure, easier to see
stats for, and keeps packets in the kernel.

Ken

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message