Les Mikesell wrote:
Chan Chung Hang Christopher wrote:
That part about high-core speed for OpenBSD pf is definitely on. The multi-processor part...not too sure. Maybe with NUMA systems like what you get on AMD Opteron platforms.
Don't both iptables and pf bypass the filters for established TCP connections (making the filtering speed only rarely relevant)?
Yeah, IF you set up the rules right. On that score, I think OpenBSD has a certain order iirc so you cannot go wrong there...but with iptables and netfilter...heh.