Date: Fri, 2 Jan 2015 08:53:34 -0800
From: Adrian Chadd <adrian@freebsd.org>
To: Mark Felder <feld@freebsd.org>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: [FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall
Message-ID: <CAJ-VmokPepw8K7Cu1-z5YVRCETKPf28VXhGx8u2cD-23TAMnFA@mail.gmail.com>
In-Reply-To: <1420213273.622796.208841861.04300699@webmail.messagingengine.com>
References: <1419995051.3716640.208176841.1676669A@webmail.messagingengine.com> <1420213273.622796.208841861.04300699@webmail.messagingengine.com>

On 2 January 2015 at 07:41, Mark Felder <feld@freebsd.org> wrote:
> UPDATE:
>
> I have everything working except QoS, so thanks for the 6rd gif tunnel
> workaround Nathan. ALTQ being absent from GENERIC is another sore spot
> that should be investigated.

I'm waiting for Gleb to do up his ifnet changes so we can do ninja replacements of altq with something that won't cause massive normal performance problems even if it's not being used.

(altq isn't compatible with the if_transmit method of doing transmit handling, so drivers that support altq end up implementing the older if_start method - that's a single queue and simply locked. It just doesn't work well for 10g and above.)

> I've been encouraged to use ipfw and dummynet, but converting my
> firewall rules again is not something I'm enthusiastic about. I'll note
> that FreeBSD is often praised for including pf while ipfw is completely
> overlooked; our own Handbook even puts pf before ipfw. That certainly
> sends a message that we may not be intending to send and should be
> considered carefully.

Well, I bet the handbook updates were written by a pf-loving person. :) ipfw is pretty awesome today.

-adrian