Years ago, I saw a program in Windows that, although the easily-configurable-per-program firewall "would not let it connect to internet", it launched Internet Explorer with a crafted URL, effectively sending data...
Announcement
Collapse
No announcement yet.
Firewalld 1.3 Released With Easier Firewall Management For More Services
Collapse
X
-
Originally posted by partcyborg View Post
This is one area where the modern BSDs are way ahead of linux. OpenBSD's pf (FreeBSD uses it too now) is way better than iptables all around.
So I don't think you have any clue what you're talking about.
- Likes 2
Comment
-
Originally posted by npwx View Post
I'm not sure what "all around" is referring to. Performance wise that's they are not even in the same universe, nftables beats the shit out of any *BSD packet filter even without using features such as hardware offloading. On top of that it scales almost linear with the number of cores. Syntax is a matter of taste obviously, but nftables uses a well defined grammar, uses keywords as defined in the various RFCs to refer to header fields and is actually very easy to read.
So I don't think you have any clue what you're talking about.
Comment
-
Originally posted by partcyborg View Post
It is you who have no clue what you are talking about: https://www.uv.es/cuan/vyos_bsdrp/
No hardware, no kernel version, no details on the rules or the cmdline used to generate packets, and the author states at the top "This is a basic benchmark that is not close to the real world."
Beyond that, the entire result seems to be due to drivers, as per the author: That seems to be a mellanox driver queue balancing because it only uses 12 cores at 100% and the other cores are idle
In other words, the entire test seems to be due to driver / kernel differences, rather than anything to do with the merits of the packet filter. Treating this anything more than an interesting anecdote is incredibly disingenuous.
Comment
Comment