> For basic packet filtering (iptables, ipfw and ipfilter)...imho, I don't
> think either one is significantly faster than the other :-)

in "stateless" filtering, especially with increasing rule size. iptables may perform faster than ipf. i have also read some technical issues regarding this and daniel hartmeier's presentation on usenix 2002.

> (I don't feel the same way about Linux's IP masq vs NATD though) ;-)

same feeling with ipmasq and natd (except ipnat ;-) although i prefer pf on my nat and firewall boxes (btw, this is only my personal preference :-)

> Also, the way you write the rules and organize *might be a factor too.
> (Although I'm thinking about the way ipfilter processes its rules here)

true. the way rules are written can be a factor too (e.g. i can skip-step to optimize my pf rules). the way ipf processes rules may be different from iptables (especially on stateful ruleset).

cheers!

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
