[ previous ] [ next ] [ threads ]
 
 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  <edward dot mzj at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ip/ipf
 Date:  Wed, 14 Sep 2005 21:28:57 -0400
I run a constantly saturated 100Mbit line through a filtering bridge based on OpenBSD and PF...it
hasn't failed once on over 2 years of constant uptime, so I wouldn't say it will crash under very
heavy load.

Just my $0.02

-Bryan

-----Original Message-----
From: edward mzj [mailto:edward dot mzj at gmail dot com] 
Sent: Wednesday, September 14, 2005 9:14 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] ip/ipf

ipf v3.4.35 is the stablest one.

it is said pf will crash under very heavy load

2005/9/15, Chris Buechler <cbuechler at gmail dot com>:

> > Hi there!
> >
> > I was just wondering, uhm, m0n0wall currently (1.2b10) uses pf
> > (packetfilter), right? There's also ipf (IP Filter) in *BSD... I was
> > wondering why m0n0wall doesn't use ipf instead of pf! I don't know
> > why/if it should, just a question. Would it take much to rewrite
> > m0n0wall for ipf? Well, I guess it would if it used a different
> > syntax... Maybe a wrapper could be written for it (like a script.sh
> > file which took inputs and made ipf commands out of the inputs).
> > Would 'we' benefit from having ipf in m0n0wall instead of pf?
> >
> 
> It already is ipf, and always has been.  Honestly, pf is a much
> superior packet filter in most every way, so if the above was true I'd
> ask "why bother"?  :)  Can't say that I have any experience with ipf
> 4.x, though I hear it's buggier than 3.x and 3.x has enough quirks
> already (4.x adds many of the important features pf has that ipf 3.x
> is lacking).
> 
> After 1.2 is released, Manuel is going to start a discussion here on
> the OS and packet filter for the next m0n0wall version.
> 
> -Chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch