On Fri, Sep 21, 2012 at 09:33:04AM -0700, Ed Flecko wrote:
> Does anyone have any suggestions on how to best test the performance
> of my PF ruleset? Maybe iperf?

Well, the traffic to your machine will be highly unique based on what you use it for, so pre-made testing tools will not be adapted to your situation.

Type "pfctl -vs rules". You'll get some useful output that tells how often each rule is checked etc. based on your actual network traffic.

Although, pf is pretty lightweight. IMO you should first learn correct rule syntax and making good rules (e.g., don't block all of icmp because you're scared of it -- this will break things). You'll get far greater returns.

The pf.conf manpage is a Unix treasure and incidentally it explains what you're looking for.

Nicolai
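
The per-rule counters that `pfctl -vs rules` prints can be ranked with a short script. This is an added example, not part of the original message: the sample output, the interface name `em0`, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank PF rules by the counters in `pfctl -vs rules` output.

# Constructed sample in the layout pfctl -vs rules prints (values invented).
sample_pfctl_output() {
    cat <<'EOF'
block drop in all
  [ Evaluations: 5120      Packets: 310       Bytes: 18600       States: 0     ]
  [ Inserted: uid 0 pid 4711 State Creations: 0     ]
pass out all flags S/SA
  [ Evaluations: 4980      Packets: 48200     Bytes: 39104000    States: 12    ]
  [ Inserted: uid 0 pid 4711 State Creations: 96    ]
pass in on em0 inet proto tcp from any to any port = 22 flags S/SA
  [ Evaluations: 2300      Packets: 9100      Bytes: 1274000     States: 2     ]
  [ Inserted: uid 0 pid 4711 State Creations: 31    ]
pass in on em0 inet proto tcp from any to any port = 8080 flags S/SA
  [ Evaluations: 1900      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 4711 State Creations: 0     ]
EOF
}

# stdin:  pfctl -vs rules output
# stdout: evaluations<TAB>packets<TAB>states<TAB>rule, most-evaluated first
pf_rule_stats() {
    awk '
        # Counter line that follows each rule.
        $1 == "[" && $2 == "Evaluations:" {
            for (i = 2; i < NF; i++) {
                if ($i == "Evaluations:") ev = $(i + 1)
                if ($i == "Packets:")     pk = $(i + 1)
                if ($i == "States:")      st = $(i + 1)
            }
            printf "%s\t%s\t%s\t%s\n", ev, pk, st, rule
            next
        }
        $1 == "[" { next }      # other bracketed lines, e.g. "[ Inserted: ..."
        NF        { rule = $0 } # anything else is the rule text
    ' | sort -k1,1nr
}

# Rules that were evaluated but never matched a packet: worth a second look,
# not proof that the rule is dead.
pf_never_matched() {
    pf_rule_stats | awk -F '\t' '$1 > 0 && $2 == 0 { print $4 }'
}

# On a live firewall: pfctl -vs rules | pf_rule_stats
sample_pfctl_output | pf_rule_stats
```
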