Firewall Throughput Issue

Jon Simola jsimola at gmail.com
Fri Feb 18 20:56:30 PST 2005


On Sat, 19 Feb 2005 12:10:23 +0800 (MYT), Mohd Rasfan
<rasfan at nadi-it.com> wrote:
> Hello to all
> 
>          I want to know FreeBSD firewall throughput. Can anybody help me?
>          There are two firewalls in FreeBSD, one is ipfw and pf.
>          Can anybody help me with how to choose between ipfw and ipf,
>          and what is the throughput benchmark?

Your question is worded very vaguely. 

I have 2 machines on identical hardware (2.4GHz P4, 512MB+ RAM), one
running an ipfw bridge and the other pf routing. Both handle my
traffic (peaks of 20Mbps and 4Kpps) with plenty of resources to spare.
In testing, I've pushed more than 60Mbps of traffic through them. My
only bottleneck is the FastEthernet port on the telco's Cisco router.

With a 2GHz processor and good network cards (I've been using Intel
Gig cards that probe as em0/1) you should have no problems with
100Mbps of traffic sustained, provided you have a well-written ruleset
for ipfw or pf.

I believe your time should be spent reading up on both and determining
which matches your needs. I prefer pf for the easy-to-read ruleset,
NAT features, and traffic shaping. I prefer ipfw for the layer2
filtering capabilities.

In fact, on my pf-based router, I have ipfw filtering at layer2, and
use pf for everything else.

-- 
Jon Simola
Systems Administrator
ABC Communications


More information about the freebsd-ipfw mailing list