Re: PF tcp sessions/s rate evaluation

2011-08-16 Thread Theo de Raadt
> Thx for the reply. Well I've already increased the state table size to 15 entries, 1 was not enough (there were up to 7 simultaneous state entries during the test). Hardware-wise, I'm using a Xeon 2.4 GHz monocore with 1 GB of RAM. Since this server is used as firewall

Re: PF tcp sessions/s rate evaluation

2011-08-16 Thread Ryan McBride
Just to clarify a bit, I would not be surprised if IPTables performs more quickly than PF in this particular test, for a couple of reasons:
- PF uses a red-black tree for the session tracking, while iptables uses a hash table. The red-black tree means performance scales smoothly as the number

Re: PF tcp sessions/s rate evaluation

2011-08-16 Thread Quentin Aebischer
Thx for the reply. Well I've already increased the state table size to 15 entries, 1 was not enough (there were up to 7 simultaneous state entries during the test). Hardware-wise, I'm using a Xeon 2.4 GHz monocore with 1 GB of RAM. Since this server is used as firewall only, I've

Re: PF tcp sessions/s rate evaluation

2011-08-16 Thread Ryan McBride
There is not much to tweak, performance-wise. OpenBSD avoids such buttons like the plague, and besides: benchmarks should be run with a stock install, which is what 99% of users are going to be doing as well. You can try looking at the output of 'pfctl -si' and see if any of those is increasing a

Re: PF tcp sessions/s rate evaluation

2011-08-16 Thread Stuart Henderson
On 2011-08-16, Quentin Aebischer wrote:
> Hello everyone,
>
> I'm currently a master's degree student, and I'd like to benchmark packet filter over the number of tcp sessions per second it can handle.
>
> So I've got a very basic setup working, consisting of one server running OpenBSD 4.9 w

PF tcp sessions/s rate evaluation

2011-08-16 Thread Quentin Aebischer
Hello everyone, I'm currently a master's degree student, and I'd like to benchmark packet filter over the number of tcp sessions per second it can handle. So I've got a very basic setup working, consisting of one server running OpenBSD 4.9 with PF (acting as firewall-router), and 2 PCs ru