Date: Mon, 27 Jan 2003 15:56:37 -0500 From: Mike Tancsa <mike@sentex.net> To: stable@freebsd.org Subject: ipfw2 vs ipfilter Message-ID: <5.2.0.9.0.20030127143019.069e3380@marble.sentex.ca>
next in thread | raw e-mail | index | archive | help
Hello all, I am looking for information to help me decide which will offer the best performance on a FreeBSD firewall with a LOT of interfaces (50+ vlan ints). I had a search and didnt find anything specifically comparing ipfw2 to ipfilter. Has anyone done any benchmarks ? If not, I am probably going to take the time to try and simulate it here to see if I can come up with some numbers. However, I thought I would ask first to see if someone has gone through this exercise before. To test things, I was going to use netperf and iperf. Does anyone have any better recommendations ? Fast ------- slower FreeBSD --------- Fast FreeBSD FreeBSD Box acting as router box And vary between ipfw2 and ipfilter on the slower box with a similar mix of rulesets that I would want to use.... Rule wise, I am happy with either, except I would really miss ipfw's concept of 'me'. e.g. ipfw add 5000 deny log tcp from any to me 2604. It makes for much nicer rule writing, but underneath it all, I dont if its any better than the 50 plus statements required in ipfilter. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.0.20030127143019.069e3380>