Ian,
It's not so much the induced latency, but the CPU usage. Simply
invoking ipfw causes a noticeable amount of overhead, and with a
single rule it clocks in at 5% on the hardware in question. This
ranks ipfw_chk in as the 2nd hungriest function, just below tcp_output
in the IRQ handler threads
On Thu, 16 Apr 2015 11:41:54 +0800, Julian Elischer wrote:
> On 4/15/15 5:09 AM, hiren panchasara wrote:
> > Apologies if this is something silly but I want to completely eliminate
> > ipfw from outgoing traffic perspective. I just want to have it on
> > incoming. I can always add "allow ip fro
