Contributed by jose on from the performance-analysis dept.
"Daniel Hartmeier did a presentation about PF at Usenix 2002 : Design and Performance of the OpenBSD Stateful Packet Filter ( html , PDF , slides ).I saw a preview copy of this paper, but I had to miss Usenix Tech this year. Well worth the reading.
In summary, iptables perform the best for stateless rules and pf performs the best when using stateful filtering. "
(Comments are closed)