From: Olivier Cochard-Labbé
Date: Mon, 15 Apr 2013 14:43:54 +0200
Subject: Re: ipfilter(4) needs maintainer
To: Daniel Kalchev
Cc: "freebsd-current@freebsd.org"

> I have been a very stubborn IPFW user for a very long time, but finally gave up
> in favor of PF. Nothing like that ever since. I am also not convinced IPFW
> is any faster than PF.

Hi Daniel,

I know that measuring PPS for a firewall is not enough for comparing
firewall performance (RFC 3511 details lots of the parameters), but on my
small&dirty bench lab with an old server (one core Intel Pentium4 3.00GHz
with a dual NIC 82546GB connected to the PCI-X Bus) I've got these
differences (values are in Kpps, small packet size) on FreeBSD 9.1:

- forwarding-only: 405 Kpps
- IPFW enabled: 320 Kpps
- PF enabled: 274 Kpps

IPFW was configured with only one line:

    add 3000 allow ip from any to any

And PF with one line too:

    pass

=> On this simple test, IPFW is "faster" than PF regarding the forwarding
rate.

But without an "ipfwsync" feature, IPFW is useless for our use case...

Regards,

Olivier