On Wed, 2010-09-22 at 19:29 +0000, Rikky Taylor wrote:
> I was after some general advice. I need to set up a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.

Sorry, that's just too vague to have any meaning. Come back with a topology and numbers for traffic and subnets.

> Given identical modern server hardware would I expect a performance difference
> between an OpenBSD/PF setup and a Linux/IPTables one?

You're zeroing in on the wrong metric. Better metrics are "How hard is it to read my ruleset?" "How many nasty side effects can I expect while reloading a tweak of my ruleset?" "What's the signal to noise ratio when I ask for help fixing my rule set?"

I think the following from Rusty Russell does an excellent summary
http://ozlabs.org/~rusty/index.cgi/tech/2006-08-15.html