From owner-freebsd-security@FreeBSD.ORG Wed Mar 6 01:55:08 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 88F23D90 for ; Wed, 6 Mar 2013 01:55:08 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.62.230.51]) by mx1.freebsd.org (Postfix) with ESMTP id 277C49BB for ; Wed, 6 Mar 2013 01:55:07 +0000 (UTC) Received: from Toshi.lariat.net (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2] (may be forged)) by lariat.net (8.9.3/8.9.3) with ESMTP id SAA04749; Tue, 5 Mar 2013 18:40:51 -0700 (MST) Message-Id: <201303060140.SAA04749@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Tue, 05 Mar 2013 18:40:50 -0700 To: Robert Simmons , freebsd-security@freebsd.org From: Brett Glass Subject: Re: Firewall Options In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Mailman-Approved-At: Wed, 06 Mar 2013 02:29:37 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2013 01:55:08 -0000 This brings up a question I hadn't thought to ask before. How SMP-friendly is the current implementation of IPFW? I will be building some routers/firewalls that will require high performance, and do not want to run into a situation where the firewall is single-threaded (or giant-locked) and becomes a bottleneck. --Brett Glass