From owner-freebsd-questions Fri Oct 12 7:37:28 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtp05.wxs.nl (smtp05.wxs.nl [195.121.6.57]) by hub.freebsd.org (Postfix) with ESMTP id D5B1137B401 for ; Fri, 12 Oct 2001 07:37:23 -0700 (PDT) Received: from cybertron.tmfweb.nl ([213.10.151.186]) by smtp05.wxs.nl (Netscape Messaging Server 4.15) with ESMTP id GL3KM901.308; Fri, 12 Oct 2001 16:37:22 +0200 Message-ID: <3BC70011.3000900@cybertron.tmfweb.nl> Date: Fri, 12 Oct 2001 16:37:05 +0200 From: Alfatrion User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 X-Accept-Language: en-us MIME-Version: 1.0 To: Fernando Gleiser Cc: "Hartmann, O." , freebsd-questions@FreeBSD.ORG Subject: Re: IPFW or IPFILTER? References: <20011012105749.M83020-100000@cactus.fi.uba.ar> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Fernando Gleiser wrote: > On Fri, 12 Oct 2001, Hartmann, O. wrote: > > >>Hello. >> >>FreeBSD uses two filtering systems, ipfw and ipfilter and each of these >>both systems has its own adavantages and disadvantages. ipfilter seems to >>be more sophisticated in how to write rules. >>At the moment, we use ipfw around here due to the easy rule syntax. But >>that is not that what should be the main argument. I want to ask for the >>performance, mean the throughput/bandwith. Does anyone know something >>about the bandwith of both filters? What are the pro and contras? >> > > 2) rule groups: if your rule set is large, you can make it tree shaped > instead of a linear list, so the search time for a rule is lower. Not true, this is also posible in IPFW. Check out the skipto action. Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message