On Tue, Dec 09, 2003 at 09:04:46PM +0100, Arno Hechenberger wrote: > - iptables is mostly always more performant
if you're stateless, yes. > - pf (former ipf) is inspecting every packet 2 times pf is not former ipf. > - iptables (now, not ipchains) is now also stateful and has very good > packet mangling capabilities iptables is not stateful at all. at best it is pseudo-stateful. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
