Date: Wed, 21 Nov 2001 19:41:45 +0200 From: "Dave Raven" <pheonix@area.co.za> To: <security@freebsd.org> Subject: Re: Best security topology for FreeBSD Message-ID: <009d01c172b3$cb35d5e0$3600a8c0@DAVE> References: <20011121183151.B15275@heresy.dreamflow.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
This may not be true, but I think that there is far less cpu utilization with IpFilter when it comes to rule proccessing. ----- Original Message ----- From: "Bart Matthaei" <bart@dreamflow.nl> To: "Dave Raven" <dave@raven.za.net> Cc: <security@freebsd.org> Sent: Wednesday, November 21, 2001 7:31 PM Subject: Re: Best security topology for FreeBSD > On Wed, Nov 21, 2001 at 07:25:12PM +0200, Dave Raven wrote: > > ipfw runs in the kernel, but NAT runs in userland. > > hmm.. bummer :) > > > With IPFilter this is not so, IPNat runs in the kernel and should be > faster. > > If you are planning on large usage I would recommend IPFilter (less > load) > > and IPNat. > > I still dont see why ipf would be better when it comes to filtering. > > B. > > -- > Bart Matthaei bart@dreamflow.nl > > /* Welcome to my world.. You just live in it */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009d01c172b3$cb35d5e0$3600a8c0>