From: Jon Simola
Reply-To: jon@abccomm.com
To: rasfan@nadi-it.com
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 18 Feb 2005 20:56:25 -0800
Subject: Re: Firewall Throughput Issue
Message-ID: <8eea040805021820565dfa3db1@mail.gmail.com>
In-Reply-To: <3828.219.94.101.37.1108786223.squirrel@219.94.101.37>
List-Id: IPFW Technical Discussions

On Sat, 19 Feb 2005 12:10:23 +0800 (MYT), Mohd Rasfan wrote:
> Hello to all
>
> I Want to know freebsd firewall throughput can anybody help me
> there is two firewall in freebsd one is ipfw and pf
> can anybody help me how i want to choose between ipfw and ipf
> and what is the throughput benchmark

Your question is worded very vaguely.

I have 2 machines on identical hardware (2.4GHz P4, 512MB+ RAM), one
running an ipfw bridge and the other pf routing. Both handle my traffic
(peaks of 20Mbps and 4Kpps) with plenty of resources to spare. In
testing, I've pushed more than 60Mbps of traffic through them. My only
bottleneck is the FastEthernet port on the telco's Cisco router.

With a 2GHz processor and good network cards (I've been using Intel Gig
cards that probe as em0/1) you should have no problems with 100Mbps of
traffic sustained, provided you have a well-written ruleset for ipfw or
pf.

I believe your time should be spent reading up on both and determining
which matches your needs. I prefer pf for the easy-to-read ruleset, NAT
features, and traffic shaping. I prefer ipfw for the layer2 filtering
capabilities. In fact, on my pf-based router, I have ipfw filtering at
layer2, and use pf for everything else.

--
Jon Simola
Systems Administrator
ABC Communications