Firewalls: Re: firewall overhead when using ipfwadm

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: firewall overhead when using ipfwadm
From:	Todd Graham Lewis <lists @ reflections . mindspring . com>
Date:	Mon, 24 Feb 1997 03:06:51 -0500 (EST)
To:	m* <mark @ novare . net>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<330DD6AB . 76733D80 @ novare . net>

On Fri, 21 Feb 1997, m* wrote:

> how much kernel overhead is generated by compiled-in firewall
> functionality, i.e. ipfwadm?

Unless you're ipfw'ing a T3, then probably not much of a concern.

> is the impact on system performance negligible or of concern?

Usually negligible.  Check and see if a lot of kernel time is being eaten
up.  If so, turn off the filters for a few seconds and then see if the
time drops.  If so, then yes it is.  If you're cpu is idle then no, it's
not.

I've got a P100 filtering at approx. T1 levels of traffic.  I can't even
detect the impact of filtering.

__
Todd Graham Lewis          Mindspring Enterprises      tlewis @
 mindspring .
 com

References:

firewall overhead when using ipfwadm
From: m* <mark @ novare . net>

Indexed By Date	Previous:	Fed Biz managers From: "Marcus J. Ranum" <mjr @ clark . net>
Indexed By Date	Next:	Re: Firewall Sparc platforms? From: Todd Graham Lewis <lists @ reflections . mindspring . com>
Indexed By Thread	Previous:	firewall overhead when using ipfwadm From: m* <mark @ novare . net>
Indexed By Thread	Next:	Re: Web server security From: long-morrow @ CS . YALE . EDU