Date: Tue, 27 Dec 2011 11:15:33 +0100 From: Damien Fleuriot <ml@my.gd> To: freebsd-net@freebsd.org Subject: PF vs IPFW (was: Re: Firewall Profiling.) Message-ID: <4EF99AC5.4030104@my.gd> In-Reply-To: <1498545030.20111227015431@nitronet.pl> References: <1498545030.20111227015431@nitronet.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/27/11 1:54 AM, Pawel Tyll wrote: > Hi lists, > > Are there any profiling tools in the system or ports that would allow > me to determine how much processing is being done per packet and how > long does it take? I would like to predict possible PPS load for my > system and perhaps locate and remove some bottlenecks. > > Is IPFW efficient enough to firewall 2x10GE (in+out) interfaces > without much latency increase, when running on modern hardware > with Intel NICs? Majority of processing tasks would probably be setfib > according to matches in tables. > > Pawel. > Sorry for hijacking the thread. Is there a reason some people use IPFW over PF ? Like, performance perhaps ? Since its inclusion in the base system, I have only ever used PF and have never had major problems with it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EF99AC5.4030104>