firewall on freebsd

Giorgos Keramidas keramida at
Fri Jun 24 21:02:02 GMT 2005

On 2005-06-24 10:59, Ean Kingston <ean at> wrote:
> For anyone who wants to start the in-kernel vs user-land NAT argument,
> I've already been through it and there are valid arguments for both
> sides. So, I won't get into it again.

Agreed.  Most of the people who use FreeBSD in SOHO installations (small
office, home office), and have far less than dozens of systems behind a
NAT-ting FreeBSD system will very rarely have a chance to notice *ANY*
difference between user-level vs. in-kernel NAT.

This top snapshot:

is from a relatively recent demo-party where ipfw/natd were used in a
gateway of more than 100 systems madly downloading files from each other
and from the wide Internet.  Notice the 97% idle CPU percentage :-)

If FreeBSD can handle NAT, packet forwarding, and general connectivity
for more than 100 systems and still sit 97% of the time waiting for
something interesting to happen, then I'd be surprised if SOHO users
with less than 10-15 systems will notice anything :)
