DragonFly kernel List (threaded) for 2006-06
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: ipfw deprecation

From:	Andreas Hauser <andy@xxxxxxxxxxxxxxx>
Date:	29 Jun 2006 07:03:38 +0200

corecode wrote @ Thu, 29 Jun 2006 00:56:35 +0200:
On 29.06.2006, at 00:51, Andreas Hauser wrote:

> >> I would like to deprecate ipfw (and dummynet, because it needs ipfw)
> >> for the next release and remove it in 1.7.
> > Can you please show that pf is as fast as ipfw?
> 
> No, can't.  As I understand the current answers, we will remove ipfw 
> from the main code path and get a pfil'ed version instead.  So this 
> won't affect the speed after all.  Besides, if somebody cares about his 
> filtering speed, he should do measurements.  I don't have the network, 
> the equipment, nor the filter set to measure speed.

Well, last time i measured it was a lot slower. I would think that
a good procedure was that if someone wants to remove healthy code
that he has to proof that it is valid to do so.

Please test at least the cases that /etc/rc.firewall allows for
and provide a script like it for replacement.
If you can't even test that, you shouldn't be allowed to remove that code.

Andy

Follow-Ups:
- Re: ipfw deprecation
  - From: Simon 'corecode' Schubert

References:
- Re: ipfw deprecation
  - From: Andreas Hauser
- Re: ipfw deprecation
  - From: Simon 'corecode' Schubert

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]