| Question:
Is FwdFast faster then Allow?
Answer:
No, FwdFast is not, as the name may suggest, faster then Allow. What it
does is immediately forward the
packet, bypassing the stateful inspection engine. This is indeed faster
for the individual packet. However,
since there is no state information regarding the connection, the ruleset
has to be consulted for each and
every packet; this consumes more CPU time than state table lookups. |