On Thu, Feb 06, 2003 at 08:53:26AM -0500, Jason Dixon wrote:
> On Thu, 2003-02-06 at 08:09, Henning Brauer wrote:
> > On Thu, Feb 06, 2003 at 01:42:45PM +0100, Emmanuel Fleury wrote:
> > > But, I wonder why they are faster than pf !
> > > Because, there is no obvious relation between the fact that pf is more
> > > secure and the fact that it is slow (I might be wrong!!!).
> >
> > pf is not close to beeing slow. in fact, it's bleeding fast.
> > they are a bit faster in some areas because they leave out the sequence
> > number checks.
>
> I can't help but giggle when people start comparing iptables/ipf/pf on
> the basis of how "slow" they are. Do you people (the ones asking these
> stupid questions) realize _just_how_FAST_ this code is? Just how little
> resources you need to saturate your connections?
>
> -J.
>
I have the same thing here.
People want to see how fast things go and such.
I have a very old 386 8 Mhz here and it works SUPER as 3.2-current
firewall for my home network.
As far as I can notice I have no network slowdown compared to the
firewall at work (pII 400).
For me this makes more sense then a graph. pf is FAST, even on slow
hardware.
Michiel van Baak
PS: For the record -
I have 110 lines in pf.conf and I use alq for limiting upstream for
certain protocols (ftp and http)
