Announcement

Collapse
No announcement yet.

Firewalld 1.3 Released With Easier Firewall Management For More Services

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Years ago, I saw a program in Windows that, although the easily-configurable-per-program firewall "would not let it connect to internet", it launched Internet Explorer with a crafted URL, effectively sending data...
    Last edited by Nth_man; 08 January 2023, 05:02 AM.

    Comment


    • #22
      Originally posted by partcyborg View Post

      This is one area where the modern BSDs are way ahead of linux. OpenBSD's pf (FreeBSD uses it too now) is way better than iptables all around.
      I'm not sure what "all around" is referring to. Performance wise that's they are not even in the same universe, nftables beats the shit out of any *BSD packet filter even without using features such as hardware offloading. On top of that it scales almost linear with the number of cores. Syntax is a matter of taste obviously, but nftables uses a well defined grammar, uses keywords as defined in the various RFCs to refer to header fields and is actually very easy to read.

      So I don't think you have any clue what you're talking about.

      Comment


      • #23
        Originally posted by npwx View Post

        I'm not sure what "all around" is referring to. Performance wise that's they are not even in the same universe, nftables beats the shit out of any *BSD packet filter even without using features such as hardware offloading. On top of that it scales almost linear with the number of cores. Syntax is a matter of taste obviously, but nftables uses a well defined grammar, uses keywords as defined in the various RFCs to refer to header fields and is actually very easy to read.

        So I don't think you have any clue what you're talking about.
        It is you who have no clue what you are talking about: https://www.uv.es/cuan/vyos_bsdrp/

        Comment


        • #24
          Originally posted by partcyborg View Post

          It is you who have no clue what you are talking about: https://www.uv.es/cuan/vyos_bsdrp/
          I'm not really clear why I'm on this thread or getting updates, but that's a pretty weak link.

          No hardware, no kernel version, no details on the rules or the cmdline used to generate packets, and the author states at the top "This is a basic benchmark that is not close to the real world."

          Beyond that, the entire result seems to be due to drivers, as per the author: That seems to be a mellanox driver queue balancing because it only uses 12 cores at 100% and the other cores are idle

          In other words, the entire test seems to be due to driver / kernel differences, rather than anything to do with the merits of the packet filter. Treating this anything more than an interesting anecdote is incredibly disingenuous.

          Comment

          Working...
          X