Date:      Mon, 3 Dec 2001 19:56:35 +0100
From:      Kjell <la3sg@sensewave.com>
To:        "Thor Legvold" <tlegvold@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Firewall rules (ipfw)
Message-ID:  <20011203195625.933A480D2@mail.broadpark.no>
In-Reply-To: <F86oqciWBXxbT9RVoP80001cf60@hotmail.com>
References:  <F86oqciWBXxbT9RVoP80001cf60@hotmail.com>

On Monday 03 December 2001 3:18 pm, you wrote:
> Axel wrote:
> >What about ipfilter/ipnat combo for this setup ? ipfilter has way better
> >performance than ipfw (or you should mess up the config) since it doesn't
> >have to copy packets from kernel to userland. At home (cable) I use it on a
> >486-33/16MB. I had natd running for a while but that caused a 100% cpu load
> >when there was much traffic, now with ipnat it never gets higher than 20% ;->)
>
> I can look into it. I'd kind of like to get ipfw/nat working right since
> I've invested so much time in it - learning a completely different ruleset
> syntax is not something I look forward to right now. I'd like to just get
> everything up and semi-ok, and then spend time tweaking here and there as I
> have time.  IPF and ipnat would also require a kernel rebuild, which isn't
> difficult or impossible, just more work when I already have little spare
> time.

IPFILTER is part of the GENERIC kernel, so no rebuild is required. You just
have to enable it in the rc.conf file. I just switched from ipfw to ipfilter,
and I found ipfilter easier to set up. Using the ipfilter/ipnat combination I
was able to implement filters I never managed to get working under ipfw.....
Regards from Kjell
