From owner-freebsd-questions Fri Oct 12 9:14:18 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pickup3-ld.pvd.loa.net (pickup.loa.com [199.171.167.59]) by hub.freebsd.org (Postfix) with SMTP id 68D3237B40D for ; Fri, 12 Oct 2001 09:14:04 -0700 (PDT) Received: (qmail 6034 invoked by uid 0); 12 Oct 2001 16:14:03 -0000 Received: from unknown (HELO pretorian) ([208.130.43.221]) (envelope-sender ) by pickup3-ld.pvd.loa.net (qmail-ldap-1.03) with SMTP for <>; 12 Oct 2001 16:14:03 -0000 Message-ID: <004901c15338$ed9c4500$24b4a8c0@pretorian> From: "Maine LOA List Admin (Brent Bailey)" To: "Hartmann, O." , Cc: References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> Subject: Re: IPFW or IPFILTER? Date: Fri, 12 Oct 2001 12:14:10 -0400 Organization: Log On America MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Everything ive read on FBSD site...as well from experiance is that IPFW is more versitile...you can do more with it including traffic shaping .. "pipe & queue" & dummynet...as well as plain out better firewall than IPFILTER. again this is mostly opinion as far as speed IPFW is a hair slower than IPFILTER. ..but im sure you wouldnt even notice the differrence.. I run 2 FBSD gateways machines running IPFW w/ NATD ...each gateway is supporting 100+ users and workstations each....and never had any issues with setting up for speed or stability...both FBSD machine have uptimes in excess of 200 days. plus the fact theres tons of "howto's " for IPFW and NAT. B ----- Original Message ----- From: "Hartmann, O." To: Cc: Sent: Friday, October 12, 2001 9:46 AM Subject: IPFW or IPFILTER? > Hello. > > Please do not understand this question as a question of what I believ in, > it is simply a question of what to use for best performance. > > FreeBSD uses two filtering systems, ipfw and ipfilter and each of these > both systems has its own adavantages and disadvantages. ipfilter seems to > be more sophisticated in how to write rules. > At the moment, we use ipfw around here due to the easy rule syntax. But > that is not that what should be the main argument. I want to ask for the > performance, mean the throughput/bandwith. Does anyone know something > about the bandwith of both filters? What are the pro and contras? > > Thanks, > Oliver > > -- > MfG > O. Hartmann > > ohartman@klima.physik.uni-mainz.de > ---------------------------------------------------------------- > IT-Administration des Institutes fuer Physik der Atmosphaere (IPA) > ---------------------------------------------------------------- > Johannes Gutenberg Universitaet Mainz > Becherweg 21 > 55099 Mainz > > Tel: +496131/3924662 (Maschinenraum) > Tel: +496131/3924144 > FAX: +496131/3923532 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message