On Thu, Feb 06, 2003 at 08:53:26AM -0500, Jason Dixon wrote: > On Thu, 2003-02-06 at 08:09, Henning Brauer wrote: > > On Thu, Feb 06, 2003 at 01:42:45PM +0100, Emmanuel Fleury wrote: > > > But, I wonder why they are faster than pf ! > > > Because, there is no obvious relation between the fact that pf is more > > > secure and the fact that it is slow (I might be wrong!!!). > > > > pf is not close to beeing slow. in fact, it's bleeding fast. > > they are a bit faster in some areas because they leave out the sequence > > number checks. > > I can't help but giggle when people start comparing iptables/ipf/pf on > the basis of how "slow" they are. Do you people (the ones asking these > stupid questions) realize _just_how_FAST_ this code is? Just how little > resources you need to saturate your connections? > > -J. > I have the same thing here. People want to see how fast things go and such. I have a very old 386 8 Mhz here and it works SUPER as 3.2-current firewall for my home network. As far as I can notice I have no network slowdown compared to the firewall at work (pII 400). For me this makes more sense then a graph. pf is FAST, even on slow hardware.
Michiel van Baak PS: For the record - I have 110 lines in pf.conf and I use alq for limiting upstream for certain protocols (ftp and http)