Hardware vs software firewall on FreeBSD

Vulpes Velox kitbsdlists at HotPOP.com
Thu Feb 12 16:25:20 PST 2004

On Thu, 12 Feb 2004 12:37:45 -0800
ppi at amug.org wrote:

> I'm upgrading the hardware on my webserver.  It will run FreeBSD
> 4.9.
> I need to decide whether to use a hardware firewall (Cisco) or use
> ipfw, ipf, pf, etc.
> The hardware firewall will increase my monthly server rental bill by
> almost 30%.  So I'm wondering if the significant extra cost is worth
> it.
> What kind of performance hit will result from using ipfw, ipf or pf?

AFAIK you will not get any noticeable performance hit from any of
> I would like to avoid the extra expense of the hardware firewall.
> Can anyone offer an opinion on this matter?  Any good reasons to use
> one over the other?

I personally don't trust hardware firewalls any more than I trust a
software firewall. Problems can occur in either and software is easier
to update, etc. I really don't see how it makes a difference if
something is written in Verilog or C or whatever. The only difference is one
is easier to back work than the other.

