[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ip/ipf
 Date:  Wed, 14 Sep 2005 21:47:42 -0400
On 9/14/05, Bryan K. Brayton <bryan at sonicburst dot net> wrote:
> I run a constantly saturated 100Mbit line through a filtering bridge based on OpenBSD and PF...it
hasn't failed once on over 2 years of constant uptime, so I wouldn't say it will crash under very
heavy load.

absolutely right.  One of the core devs of pfsense manages several
hundred firewalls around the world running OpenBSD and PF, with loads
as heavy as gigabit and as much as 1000+ state table inserts *per
second*.  That's a very, very serious load.  They handle traffic on
very large volumes and dollar amounts of financial transactions where
failure isn't an option (they run CARP too for redundancy).  They
wouldn't be running PF if it wasn't rock solid, because they can't
afford downtime or network glitches.