Re: Netfilter vs PF ? (not a troll)
- From: "Joel Shea" <jwshea@xxxxxxxxx>
- Date: 18 Oct 2006 22:47:44 -0700
Ertugrul Soeylemez wrote:
> "Akane" <akane@xxxxxxxxxxxxxx> (06-10-18 00:32:19):
> > First, I'd like to say I don't want to start a troll or anything but
> > I've been wondering for quite some time now which firewall was "the
> > best" between Packet Filter (PF in OpenBSD) and Netfilter (2.6 kernel
> > Linux).
...snip...
> Currently I can only speak for Netfilter. The most recent (serious) bug
> in Netfilter was a little signedness bug in handling the TCP options
> field, which would lead to an endless loop in kernel mode when
> triggered with certain values. This bug is about a year old by now.
> Performance is pretty good for Netfilter, but AFAIK it's a lot better
> for PF, at least since OpenBSD's network stack itself is faster than Linux's.
> I suggest you try and stress-test both.
...snip...
I personally find pf much easier to configure and manage (syntax and
feature wise) than iptables (netfilter) based packet filtering / port
mapping / traffic shaping / load balancing boxen.
Joel.
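An added illustration of the bug class Ertugrul mentions (a TCP option length read as a signed value, so the parser walks backward instead of forward), written for this thread and not taken from Netfilter's source; the walker functions, step guard and sample byte sequences are constructed:

```c
#include <stdint.h>

/* Constructed example of the signed-length bug class, not the Netfilter code.
 * opts is the TCP options area, optlen its size. Return value: number of
 * options, -1 for malformed input, -2 if the walk would never terminate. */
#define STEP_GUARD 64

/* Defective walker: the length byte is read through a signed char (plain char
 * is signed on many ABIs), so 0x80..0xFF become negative, the upper-bound check
 * still passes, and the cursor moves backward into bytes it already visited. */
static int walk_options_signed(const signed char *opts, int optlen)
{
    int i = 0, n = 0, steps = 0;
    while (i < optlen) {
        if (++steps > STEP_GUARD) return -2;    /* demo only: real code spins forever */
        int kind = opts[i];
        if (kind == 0) break;                   /* end of option list */
        if (kind == 1) { i++; n++; continue; }  /* NOP, single byte */
        if (i + 1 >= optlen) return -1;
        int len = opts[i + 1];                  /* BUG: sign-extended length */
        if (len == 0 || len > optlen - i) return -1;  /* negative len slips through */
        i += len;                               /* may go backward */
        n++;
    }
    return n;
}

/* Corrected walker: unsigned length with the TCP minimum of 2 enforced, so the
 * cursor always advances and stays inside the buffer. */
static int walk_options_fixed(const uint8_t *opts, int optlen)
{
    int i = 0, n = 0;
    while (i < optlen) {
        uint8_t kind = opts[i];
        if (kind == 0) break;
        if (kind == 1) { i++; n++; continue; }
        if (i + 1 >= optlen) return -1;
        unsigned len = opts[i + 1];
        if (len < 2 || len > (unsigned)(optlen - i)) return -1;
        i += (int)len;
        n++;
    }
    return n;
}

/* Constructed samples: a typical SYN option set (MSS 1460, NOP, NOP, SACK
 * permitted) and a 4-byte sequence whose length byte 0xFE reads as -2 when
 * signed, sending the defective walker back to offset 0 forever. */
static const uint8_t sample_good[8] = {0x02, 0x04, 0x05, 0xB4, 0x01, 0x01, 0x04, 0x02};
static const uint8_t sample_bad[4]  = {0x01, 0x01, 0x1E, 0xFE};
```

Both walkers agree on the well-formed sample; only the corrected one rejects the second instead of cycling.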