DragonFly BSD
DragonFly kernel List (threaded) for 2006-06
Re: ipfw deprecation

From: "Dmitri Nikulin" <dnikulin@xxxxxxxxx>
Date: Thu, 29 Jun 2006 10:01:43 +1000

On 29 Jun 2006 00:51:26 +0200, Andreas Hauser <andy@xxxxxxxxxxxxxxx> wrote:

corecode wrote @ Sun, 25 Jun 2006 13:12:41 +0200:

> I would like to deprecate ipfw (and dummynet, because it needs ipfw) > for the next release and remove it in 1.7.

Can you please show that pf is as fast as ipfw?

For NAT, it should be a lot faster. pf doesn't have the 'divert' hack ipfw does, its NAT stays in the kernel. FTP proxying doesn't, and good, kernel space transparent proxying is a crime.

Even if pf is measurably slower than ipfw for the same rules, it's
very unlikely to matter compared to all of the other processing to do
with networking, and even if it does matter, seems like ipfw will stay

In terms of "horses for courses", until DragonFly as a whole is
optimal enough to make the choice of packet filter a significant
performance consideration, people seeking near-optimal filtered
routing are probably a lot better off using FreeBSD 6 or possibly even

-- Dmitri Nikulin

