Date: Mon, 31 Jul 2000 00:05:37 -0400
From: Bill Fumerola
To: Siobhan Patricia Lynch
Cc: Miklos Niedermayer, Mike Hoskins, Darren Reed, Pavol Adamec, freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID: <20000731000537.X5021@jade.chc-chimes.com>
References: <20000730122718.P5021@jade.chc-chimes.com>

On Sun, Jul 30, 2000 at 11:48:14PM -0400, Siobhan Patricia Lynch wrote:
> heh, remember which sites we are running with ipfw in front of it?
>
> maybe there's a problem when it's all on the same box ;)

it's so much fun when we talk in generalities, but know the specifics.

just an example, though using cheezy "benchmarks"

lo0 and fetch, only default allow rule: 16MBps
1000 ip count (no looking into the tcp udp icmp etc): 4MBps

I have the hardware setup right now to start doing real benchmarks and try
to make a difference, but ipfw's design doesn't lend itself to large amounts
of rules.

Just so Darren doesn't have to say it: maybe I should spend my time looking
into ipfilter instead of trying to hack ipfw.

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org