Date:      Sun, 13 Jul 2008 12:50:20 +0200
From:      "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD 7.X/8.0: Firewall performance with pf, ipfw or ipf? Any benchmarks available?
Message-ID:  <4879DDEC.1010508@mail.zedat.fu-berlin.de>

Hello,

Since FreeBSD 5.0 I have been using 'pf' as the packet filter on FreeBSD due
to some performance advantages over ipfw at the time when FreeBSD was
introduced. Now I'm a little bit detached from development and the status
quo. I read about problems in FreeBSD 7 when using 'pf' in a bridged
environment: CPU load increases and packet drops are the result (on an
IBM server with Intel em0/1 NICs).
Well, I'm pleased that FreeBSD comes with at least three packet filters
(ipfw, ipf, pf), but in the end the choice is up to me, and on the question
of better support and performance this leaves me alone in the dark.
So, have any of the network experts benchmarked any of the
packet filters? What is the preferred selection if someone would like
to have a 'simple' packet filter (no usage of special features of one of
the mentioned packet filters except for bridging and LAGG)? Talking about
FreeBSD 8's virtualization capabilities in the network stack: will this
have implications for which filter will work or not (if at all; I do not
know how abstract this virtualization actually is from the packet
filtering layer)?

So, sorry for the little confusion,

Oliver


