PF vs IPFW (was: Re: Firewall Profiling.)
Damien Fleuriot
ml at my.gd
Tue Dec 27 10:38:27 UTC 2011
On 12/27/11 1:54 AM, Pawel Tyll wrote:
> Hi lists,
>
> Are there any profiling tools in the system or ports that would allow
> me to determine how much processing is being done per packet and how
> long does it take? I would like to predict possible PPS load for my
> system and perhaps locate and remove some bottlenecks.
>
> Is IPFW efficient enough to firewall 2x10GE (in+out) interfaces
> without much latency increase, when running on modern hardware
> with Intel NICs? Majority of processing tasks would probably be setfib
> according to matches in tables.
>
> Pawel.
>
Sorry for hijacking the thread.
Is there a reason some people use IPFW over PF ?
Like, performance perhaps ?
Since its inclusion in the base system, I have only ever used PF and
have never had major problems with it.
More information about the freebsd-net
mailing list