Date: Fri, 18 Feb 2005 20:56:25 -0800 From: Jon Simola <jsimola@gmail.com> To: rasfan@nadi-it.com Cc: freebsd-ipfw@freebsd.org Subject: Re: Firewall Throughput Issue Message-ID: <8eea040805021820565dfa3db1@mail.gmail.com> In-Reply-To: <3828.219.94.101.37.1108786223.squirrel@219.94.101.37> References: <3828.219.94.101.37.1108786223.squirrel@219.94.101.37>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 19 Feb 2005 12:10:23 +0800 (MYT), Mohd Rasfan <rasfan@nadi-it.com> wrote: > Hello to all > > I Want to know freebsd firewall throughput can anybody help me > there is two firewall in freebsd one is ipfw and pf > can anybody help me how i want to chosse between ipfw anf ipf > and what is the throughput benchmark Your question is worded very vaguely. I have 2 machines on identical hardware (2.4GHz P4, 512MB+ RAM), one running an ipfw bridge and the other pf routing. Both handle my traffic (peaks of 20Mbps and 4Kpps) with plenty of resources to spare. In testing, I've pushed more than 60Mbps of traffic through them. My only bottleneck is the FastEthernet port on the telco's Cisco router. With a 2GHz processor and good network cards (I've been using Intel Gig cards that probe as em0/1) you should have no problems with 100Mbps of traffic sustained, provided you have a well-written ruleset for ipfw or pf. I believe your time should be spent reading up on both and determining which matches your needs. I prefer pf for the easy to read ruleset, NAT features, and traffic shaping. I prefer ipfw for the layer2 filtering capabilities. In fact, on my pf-based router, I have ipfw filtering at layer2, and use pf for everything else. -- Jon Simola Systems Administrator ABC Communications
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eea040805021820565dfa3db1>