Sepherosa Ziehau has made some improvements to ipfw in DragonFly, moving it to per-CPU state tracking among other things. (I haven’t mentioned just ipfw in foreeeever.)
His commit message describes the improvements. Of most interest: it reduces the performance impact of running ipfw in his tests to almost nothing. Does this translate to ipfw on other BSDs? I don’t know.
Sepherosa is awesome at network improvements.
I wonder if any of the detailed network improvements Dropbox recently documented can be leveraged in Dragonfly (and set as defaults – would be so nice to have high performance defaults)
https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/
I am interessted in ipfw3 I know there is ipfw, ipfw3 and pf. I am looking for some good documetation how to use them. wich rc.conf settings is nedded for what? how to automatically load needed kernel modules? I would be thankfull if anyone extends the documentation.