From owner-freebsd-hackers Mon Feb 26 17:43:54 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id RAA06693 for hackers-outgoing; Mon, 26 Feb 1996 17:43:54 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id RAA06686 for ; Mon, 26 Feb 1996 17:43:49 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id TAA16322; Mon, 26 Feb 1996 19:42:39 -0600
From: Joe Greco
Message-Id: <199602270142.TAA16322@brasil.moneng.mei.com>
Subject: Re: IPFW - how fast/robust is it ?
To: rashid@rk.ios.com (Rashid Karimov)
Date: Mon, 26 Feb 1996 19:42:38 -0600 (CST)
Cc: hackers@freebsd.org
In-Reply-To: <199602261615.LAA03858@rk.ios.com> from "Rashid Karimov" at Feb 26, 96 11:15:49 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
Precedence: bulk

> Hi there folx,
>
> I'm about to implement some filtering here
> on user servers, namely I want to disallow
> users to provide any TCP services (bind and
> listen on ports above 1024).
>
> They should be able to use ftp in the passive mode,
> so there's no problem there.
>
> So as I understand I can do it via IPFW mechanism.
> The only Q is, since the thing is so deep in the
> kernel, how robust and stable it is?
>
> How does it affect the networking in the sense of
> speed, etc?

I haven't noticed significant performance degradation running a dozen and a
half rules on a busy 386DX/40 (T1 router). Stability is impeccable for most
things (some features I tried under 2.0.5R had some problems, but the basics
are rock solid). The router in question was up over 100 days.

That's not to say there isn't a performance penalty, I'm just saying I
haven't noticed it if it's there.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                           jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                       414/546-7968