I know you, rsss. I wrote several rules with netfilter for a long time until this friend told me about OpenBSD/PF. Now I forget how to write rules with netfilter. Sincerely, I say PF in vein!
Regards,
Spawn

2010/9/22 Chris Dukes <pak...@pr.neotoma.org>

> On Wed, 2010-09-22 at 19:29 +0000, Rikky Taylor wrote:
> > I was after some general advice. I need to set up a routing firewall with 3
> > interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
> Sorry, that's just too vague to have any meaning.
> Come back with a topology and numbers for traffic and subnets.
>
> > Given identical modern server hardware would I expect a performance difference
> > between an OpenBSD/PF setup and a Linux/IPTables one?
>
> You're zeroing in on the wrong metric.
> Better metrics are "How hard is it to read my ruleset?"
> "How many nasty side effects can I expect while reloading a tweak of my
> ruleset?" "What's the signal to noise ratio when I ask for help fixing
> my rule set?"
>
> I think the following from Rusty Russell does an excellent summary
>
> http://ozlabs.org/~rusty/index.cgi/tech/2006-08-15.html