[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPNAT performance problem - was poor performance
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: RE: IPNAT performance problem - was poor performance
- From: "Lawrence W. Smith" <lws_(_at_)_juiceco_(_dot_)_com>
- Date: Fri, 6 Jul 2001 22:48:30 +0100
> Hmm, watching this thread has me worried. I switched most of
> my clients
> to OpenBSD because it is said to be the "best thing since
> sliced bread".
> Now I see this type of thing and wonder if I made the right choice.
> Granted, this has next to nothing to do with security, which is what
> OpenBSD is best at, but still. I was looking for a total solution.
> Please, no flames, I'm very serious, now that linux has
> iptables, should
> I switch back? At least until the new 'pf' is available? I need a
> solution that provides both, speed and security. Well, and
> doesn't cost
> a zillion bucks!
> - Gary
Just sit tight track -stable (which you should for production anyway)
and when the concensus on this esteemed list is that the next release
is as wonderfully solid as its predecessors, then tentatively move a
copy from your test box to one of your production ones.
__If you want to__
Otherwise you can be conservative and track 2.9-stable until it is
no longer feasible, at which point there will be loads of tempting
Its a very effective system which shouldn't be too big a surprise:
look at the team using it ...
IPF / PF is not the only component in the OpenBSD arsenal and just
because PF is becoming a reality on the horizon does not mean IPF is
any worse than it was before PF !!!