Date: Tue, 20 Nov 2001 02:38:36 +0100 From: Walter Hop <walter@binity.com> To: Axel Scheepers <axel@axel.truedestiny.net> Cc: Chris Appleton <cappleton@emailtopia.com>, freebsd-questions@freebsd.org Subject: Re: NAT security Message-ID: <1989602727.20011120023836@binity.com> In-Reply-To: <20011119235600.A1904@mars.thuis> References: <917DCA667947D4118E2100AA00BAEA6E1ABC06@vonneumann.emailtopia.com> <83141508858.20011119162408@binity.com> <20011119235600.A1904@mars.thuis>
next in thread | previous in thread | raw e-mail | index | archive | help
[in reply to axel@axel.truedestiny.net, 19-11-2001] > I use ipfilter/ipnat and like the way you can flush/edit the kernel filterlist > and the possibility to create nice config files for it. As I see it ipfilter is > a bit better handling large configurations. > It also uses a technique which processes the whole ruleset which might be a > bit confusing when you first start using it. > My gateway/firewall is a simple 486-33/16MB, I used ipf & natd for a while > but since these copy packets from kernel to userland, and ipfilter/ipnat don't, > ipfilter gives _way_ more performance on a busy network. > For home use I shouldn't care if I where you; if ipfw suits you and does 'your > thing' use it. :) Thanks for the info! I never did care to look at it. Do you think the efficiency gain is noticable for a node with relatively few firewalling rules as well? -- Walter Hop <walter@binity.com> Updated contact information: http://www.binity.com/~walter/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1989602727.20011120023836>