Date:      Mon, 31 Jul 2000 00:05:37 -0400
From:      Bill Fumerola <billf@chimesnet.com>
To:        Siobhan Patricia Lynch <trish@bsdunix.net>
Cc:        Miklos Niedermayer <mico@bsd.hu>, Mike Hoskins <mike@adept.org>, Darren Reed <avalon@coombs.anu.edu.au>, Pavol Adamec <pavol_adamec@tempest.sk>, freebsd-security@FreeBSD.ORG
Subject:   Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID:  <20000731000537.X5021@jade.chc-chimes.com>
In-Reply-To: <Pine.BSO.4.21.0007302347070.21752-100000@superconductor.rush.net>; from trish@bsdunix.net on Sun, Jul 30, 2000 at 11:48:14PM -0400
References:  <20000730122718.P5021@jade.chc-chimes.com> <Pine.BSO.4.21.0007302347070.21752-100000@superconductor.rush.net>

On Sun, Jul 30, 2000 at 11:48:14PM -0400, Siobhan Patricia Lynch wrote:
> heh, remember which sites we are running with ipfw in front of it?
> 
> maybe there's a problem when it's all on the same box ;)

it's so much fun when we talk in generalities, but know the specifics.

just an example, though using cheezy "benchmarks" lo0 and fetch,

only default allow rule: 16MBps
1000 ip count (no looking into the tcp udp icmp etc): 4MBps

I have the hardware setup right now to start doing real benchmarks
and try to make a difference, but ipfw's design doesn't lend itself
to large amounts of rules.

Just so Darren doesn't have to say it: maybe I should spend my time
looking into ipfilter instead of trying to hack ipfw.

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org




