# Should we upgrade for PF performance?



## thegadgetman (Feb 27, 2012)

Hello all. I have been doing a lot of research on PF and reading. Once thing I am seeing is that in my readings PF experts say there is a "noticeable performance increase" on 4.4 and above. Currently we are using FreeBSD 6.1 which has 4.1 version of PF. Is it worth it to switch to a newer version of PF mainly for the performance increases or it not that big a deal?


Reference: http://nostarch.com/pf2.htm
Location: NEWER PF RELEASES PERFORM BETTER - Page 5
Reference: http://home.nuug.no/~peter/pf/en/long-firewall.html
Location: Search "making each release from 4.4 through 5.0 perform better than its predecessors"
Thank you!


----------



## thegadgetman (Feb 27, 2012)

Also how do I edit my posts for spelling and grammar issues?


----------



## DutchDaemon (Feb 28, 2012)

thegadgetman said:
			
		

> Also how do I edit my posts for spelling and grammar issues?



It's in your sign-up email: http://forums.freebsd.org/showthread.php?t=11804


----------



## DutchDaemon (Feb 28, 2012)

FreeBSD 6.1 is _seriously_ end-of-life (almost four years!), so it is not supported, and it doesn't receive critical security updates. You are advised to upgrade to a supported version, which will give increased performance overall anyway.


----------



## thegadgetman (Feb 28, 2012)

Sounds like some good reasons to move to a new OS version. I brought that up today and it wasn't really enough for the people at my coop workplace to upgrade right now and asked to come back with some more specific reasons. The one thing that did stand out to my boss was no more security updates. Then the they said were using a FreeBSD appliance with a small kernel and not many utilities AKA less vulnerable. I really want to convince them to upgrade just for PF performance and should expand on that myself and try and convince them. Thanks for your response.


----------



## gkontos (Feb 28, 2012)

Regarding performance issues, this is not something that can be answered properly without knowing your environment and needs. If you are just looking for a better throughput then yes you might achieve that considering the improvements in the filtering engine.

Running a firewall on a EOL & EOS OS though is a much better argument IMHO unless you are somehow able to keep up and adjust OS patching on an unsupported version with your own development team. Don't forget that FreeBSD is not just a kernel based OS therefore no matter how you strip down the kernel you still have to deal with the binaries that are part of the base OS.

Regards,


----------



## throAU (Mar 1, 2012)

Pretty much what they said.  EOL firewall = bad idea.

However, whether or not it is "worth it" from a performance perspective would depend on whether or not you are seeing performance problems at the moment?


----------



## thegadgetman (Mar 2, 2012)

"Running a firewall on a EOL & EOS OS though is a much better argument IMHO unless you are somehow able to keep up and adjust OS patching on an unsupported version with your own development team. Don't forget that FreeBSD is not just a kernel based OS therefore no matter how you strip down the kernel you still have to deal with the binaries that are part of the base OS." - gkontos

This is a great point of view gkontos. I will definitely use this as a good reason to upgrade   at our next meeting. Everyone who responded to this post has made the same claims about the security aspect, I see now how in my case this is more of an issue than performance. 

To answer your questions there is no performance issues. The performance question was due to my reading and learning of PF about newer versions (4.4+) being faster/better and if they actually made noticeable difference but since we don't really have any latency issues I can't see how it will help. 

You can call this a case closed thanks for the help everyone.


----------

