Date: Mon, 26 Feb 1996 19:42:38 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: rashid@rk.ios.com (Rashid Karimov) Cc: hackers@freebsd.org Subject: Re: IPFW - how fast/robust is it ? Message-ID: <199602270142.TAA16322@brasil.moneng.mei.com> In-Reply-To: <199602261615.LAA03858@rk.ios.com> from "Rashid Karimov" at Feb 26, 96 11:15:49 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi there folx, > > I'm about to implement some filtering here > on user servers , namely I want to disallow > users to provide any TCP services (bind and > listen on ports above 1024). > > They should be able to use ftp in the passive mode, > so there's no problem there. > > So as I understand I can do it via IPFW mechanism. > The only Q is , since the thing is so deep in the > kernel , how robust and stable it is ? > > How does it affect the networking in the sense of > speed , etc ? I haven't noticed significant performance degradation running a dozen and a half rules on a busy 386DX/40 (T1 router). Stability is impeccable for most things (some features I tried under 2.0.5R had some problems, but the basics are rock solid). The router in question was up over 100 days. That's not to say there isn't a performance penalty, I'm just saying I haven't noticed it if it's there. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/546-7968
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602270142.TAA16322>