From: Fernando Gleiser
To: "Hartmann, O."
Date: Fri, 12 Oct 2001 11:05:24 -0300 (ART)
Subject: Re: IPFW or IPFILTER?
In-Reply-To: <20011012154307.O52936-100000@klima.physik.uni-mainz.de>
Message-ID: <20011012105749.M83020-100000@cactus.fi.uba.ar>

On Fri, 12 Oct 2001, Hartmann, O. wrote:

> Hello.
>
> FreeBSD uses two filtering systems, ipfw and ipfilter and each of these
> both systems has its own advantages and disadvantages. ipfilter seems to
> be more sophisticated in how to write rules.
> At the moment, we use ipfw around here due to the easy rule syntax. But
> that is not that what should be the main argument. I want to ask for the
> performance, mean the throughput/bandwidth. Does anyone know something
> about the bandwidth of both filters? What are the pro and contras?

This is not a scientific test, but two reasons why I think ipf may be
faster are:

1) NAT is done inside the kernel (no need to copy the packet to userland
   and back)

2) rule groups: if your rule set is large, you can make it tree shaped
   instead of a linear list, so the search time for a rule is lower.

Depending on your rule set and load they may or may not have a performance
impact.

Fer

>
> Thanks,
> Oliver
>
> --
> Best regards,
> O. Hartmann
>
> ohartman@klima.physik.uni-mainz.de
> ----------------------------------------------------------------
> IT-Administration des Institutes fuer Physik der Atmosphaere (IPA)
> ----------------------------------------------------------------
> Johannes Gutenberg Universitaet Mainz
> Becherweg 21
> 55099 Mainz
>
> Tel: +496131/3924662 (machine room)
> Tel: +496131/3924144
> FAX: +496131/3923532
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
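
The rule-group point in the reply above, as an added example that is not part of the original message or of ipf's code: a simplified first-match model that counts how many rules are examined in a flat list versus a tree with one head per interface. The interface names, port numbers and function names are constructed for illustration.

```python
# Simplified model of first-match ("quick") filtering; not ipf's real code.
from collections import namedtuple

Rule = namedtuple("Rule", "iface port action")
Packet = namedtuple("Packet", "iface port")

def build_rules(ifaces, ports_per_iface):
    """Constructed rule set: one pass rule per (interface, port) pair."""
    return [Rule(i, 1000 + p, "pass")
            for i in ifaces for p in range(ports_per_iface)]

def linear_match(rules, pkt):
    """Walk the flat list top to bottom; return (action, rules_examined)."""
    examined = 0
    for r in rules:
        examined += 1
        if r.iface == pkt.iface and r.port == pkt.port:
            return r.action, examined
    return "block", examined               # default deny

def group_rules(rules):
    """Tree shape: one head per interface, its rules hang off that head."""
    groups = {}
    for r in rules:
        groups.setdefault(r.iface, []).append(r)
    return list(groups.items())            # [(head_iface, [rules...]), ...]

def grouped_match(groups, pkt):
    """Test heads in order; descend only into the group whose head matches."""
    examined = 0
    for head_iface, members in groups:
        examined += 1                      # the head rule itself
        if head_iface != pkt.iface:
            continue                       # whole subtree skipped
        for r in members:
            examined += 1
            if r.port == pkt.port:
                return r.action, examined
        return "block", examined           # head's own action: block
    return "block", examined

IFACES = ["fxp0", "fxp1", "fxp2", "fxp3"]  # constructed interface names
RULES = build_rules(IFACES, 25)            # 100 rules in total
GROUPS = group_rules(RULES)

if __name__ == "__main__":
    for pkt in (Packet("fxp3", 1024), Packet("fxp0", 1000)):
        print(pkt, "linear:", linear_match(RULES, pkt),
              "grouped:", grouped_match(GROUPS, pkt))
```

A packet that matches the last rule costs 100 examinations in the flat list and 29 in the tree, while one that matches the very first rule costs 1 versus 2, which is the "may or may not have a performance impact" caveat in numbers.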