Date:      Tue, 20 Nov 2001 02:38:36 +0100
From:      Walter Hop <walter@binity.com>
To:        Axel Scheepers <axel@axel.truedestiny.net>
Cc:        Chris Appleton <cappleton@emailtopia.com>, freebsd-questions@freebsd.org
Subject:   Re: NAT security
Message-ID:  <1989602727.20011120023836@binity.com>
In-Reply-To: <20011119235600.A1904@mars.thuis>
References:  <917DCA667947D4118E2100AA00BAEA6E1ABC06@vonneumann.emailtopia.com> <83141508858.20011119162408@binity.com> <20011119235600.A1904@mars.thuis>

[in reply to axel@axel.truedestiny.net, 19-11-2001]

> I use ipfilter/ipnat and like the way you can flush/edit the kernel filterlist
> and the possibility to create nice config files for it. As I see it ipfilter is
> a bit better handling large configurations. 
> It also uses a technique which processes the whole ruleset which might be a 
> bit confusing when you first start using it.
> My gateway/firewall is a simple 486-33/16MB, I used ipf & natd for a while
> but since these copy packets from kernel to userland, and ipfilter/ipnat don't,
> ipfilter gives _way_ more performance on a busy network.
> For home use I shouldn't care if I were you; if ipfw suits you and does 'your
> thing' use it. :)

Thanks for the info! I never did care to look at it. Do you think the
efficiency gain is noticeable for a node with relatively few firewalling
rules as well?

-- 
 Walter Hop <walter@binity.com>
 Updated contact information: http://www.binity.com/~walter/

