RE: IPNAT performance problem - was poor performance

["Lawrence W. Smith" <lws_(_at_)_juiceco_(_dot_)_com>]

> Hmm, watching this thread has me worried. I switched most of 
> my clients
> to OpenBSD because it is said to be the "best thing since 
> sliced bread".
> Now I see this type of thing and wonder if I made the right choice.
> Granted, this has next to nothing to do with security, which is what
> OpenBSD is best at, but still. I was looking for a total solution.
> Please, no flames, I'm very serious, now that linux has 
> iptables, should
> I switch back? At least until the new 'pf' is available? I need a
> solution that provides both, speed and security. Well, and 
> doesn't cost
> a zillion bucks! 
> 
> - Gary

Just sit tight track -stable (which you should for production anyway)
and when the concensus on this esteemed list is that the next release
is as wonderfully solid as its predecessors, then tentatively move a 
copy from your test box to one of your production ones.

__If you want to__

Otherwise you can be conservative and track 2.9-stable until it is 
no longer feasible, at which point there will be loads of tempting
improvements anyway.

Its a very effective system which shouldn't be too big a surprise:
look at the team using it ...

IPF / PF is not the only component in the OpenBSD arsenal and just
because PF is becoming a reality on the horizon does not mean IPF is
any worse than it was before PF !!! 

L