Date: Fri, 12 Oct 2001 11:05:24 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: IPFW or IPFILTER? Message-ID: <20011012105749.M83020-100000@cactus.fi.uba.ar> In-Reply-To: <20011012154307.O52936-100000@klima.physik.uni-mainz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Oct 2001, Hartmann, O. wrote: > Hello. > > FreeBSD uses two filtering systems, ipfw and ipfilter and each of these > both systems has its own adavantages and disadvantages. ipfilter seems to > be more sophisticated in how to write rules. > At the moment, we use ipfw around here due to the easy rule syntax. But > that is not that what should be the main argument. I want to ask for the > performance, mean the throughput/bandwith. Does anyone know something > about the bandwith of both filters? What are the pro and contras? This is not a scientific test, but two reasons why I think ipf may be faster are: 1) NAT is done inside the kernel (no need to copy the packet to userland and back) 2) rule groups: if your rule set is large, you can make it tree shaped instead of a linear list, so the search time for a rule is lower. Depending on your rule set and load they may or may not have a performance impact. Fer > > Thanks, > Oliver > > -- > MfG > O. Hartmann > > ohartman@klima.physik.uni-mainz.de > ---------------------------------------------------------------- > IT-Administration des Institutes fuer Physik der Atmosphaere (IPA) > ---------------------------------------------------------------- > Johannes Gutenberg Universitaet Mainz > Becherweg 21 > 55099 Mainz > > Tel: +496131/3924662 (Maschinenraum) > Tel: +496131/3924144 > FAX: +496131/3923532 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011012105749.M83020-100000>