| From: | "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx> |
| Date: | Thu, 29 Jun 2006 11:16:00 +0200 |
No, can't. As I understand the current answers, we will remove ipfwCan you please show that pf is as fast as ipfw?I would like to deprecate ipfw (and dummynet, because it needs ipfw) for the next release and remove it in 1.7.
from the main code path and get a pfil'ed version instead. So this
won't affect the speed after all. Besides, if somebody cares about his
filtering speed, he should do measurements. I don't have the network,
the equipment, nor the filter set to measure speed.Well, last time i measured it was a lot slower. I would think that a good procedure was that if someone wants to remove healthy code that he has to proof that it is valid to do so.
Please test at least the cases that /etc/rc.firewall allows for and provide a script like it for replacement.
cheers simon
-- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Attachment:
PGP.sig
Description: This is a digitally signed message part