[CentOS] Optimizing CentOS for gigabit firewall

sadas sadas mailrc at abv.bg
Fri Dec 18 20:16:29 UTC 2009


 
After a quick search on Google:

http://postfactum.pl.ua/pf/

I will test patching the latest Linux kernel with pf.
What do you think?
 
 >sadas sadas wrote:
 >
 >> I can't find information on whether there is a Linux or BSD distribution
 >> with an effective firewall that uses an optimized algorithm to store
 >> hundreds of IPs and to forward huge traffic. Any idea?
 >
 >Hundreds?
 >
 >http://www.openbsd.org/faq/pf/tables.html
 >
 >"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
 >against a table are very fast and consume less memory and processor time
 >than lists. For this reason, a table is ideal for holding a large group of
 >addresses as the lookup time on a table holding 50,000 addresses is only
 >slightly more than for one holding 50 addresses. Tables can be used in the
 >following ways:
 >
 >    * source and/or destination address in filter, NAT, and redirection rules.
 >    * translation address in NAT rules.
 >    * redirection address in redirection rules.
 >    * destination address in route-to, reply-to, and dup-to filter rule options."
 >
 >nuff said ?
 >
 >I love Linux, I've been using it for almost 15 years now, I absolutely
 >hate iptables (and ipchains, and ipfwadm). By contrast I absolutely
 >hate everything about OpenBSD except for pf (which I love, ipfw and
 >ipf aren't too bad either, at least for the era), so I use OpenBSD
 >for firewalls, and Linux for everything else.
 >
 >nate
 >
 >
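
The FAQ passage quoted above says lookup time on a table of 50,000 addresses is only slightly more than on one of 50, while a list costs more. The sketch below is an added example, not code from this thread or from OpenBSD: it uses a binary prefix trie as an illustrative table structure (the names `PrefixTable`, `list_lookup` and `build` and the sample addresses are constructed here) and counts the nodes or entries each lookup touches.

```python
import ipaddress

class PrefixTable:
    """Binary trie over IPv4 prefixes (illustrative, not pf's kernel code)."""
    def __init__(self):
        self.root = [None, None, False]  # [bit-0 child, bit-1 child, prefix ends here]
        self.size = 0

    def add(self, cidr):
        net = ipaddress.ip_network(cidr, strict=False)
        bits, node = int(net.network_address), self.root
        for i in range(net.prefixlen):
            b = (bits >> (31 - i)) & 1
            if node[b] is None:
                node[b] = [None, None, False]
            node = node[b]
        if not node[2]:
            node[2], self.size = True, self.size + 1

    def lookup(self, addr):
        """Return (matched, nodes_visited); never more than 33 nodes for IPv4."""
        bits = int(ipaddress.IPv4Address(addr))
        node, steps = self.root, 1
        for i in range(32):
            if node[2]:
                return True, steps
            node = node[(bits >> (31 - i)) & 1]
            if node is None:
                return False, steps
            steps += 1
        return node[2], steps

def list_lookup(nets, addr):
    """List-style check: test each entry in order until one matches."""
    ip = ipaddress.IPv4Address(addr)
    for n, net in enumerate(nets, 1):
        if ip in net:
            return True, n
    return False, len(nets)

def build(n):
    """Constructed sample data: n /32 hosts in 10.0.0.0/8 plus 192.0.2.0/24."""
    entries = [f"{ipaddress.IPv4Address(0x0A000000 + i * 251)}/32" for i in range(n)]
    entries.append("192.0.2.0/24")
    table = PrefixTable()
    for e in entries:
        table.add(e)
    return table, [ipaddress.ip_network(e) for e in entries]
```

With `build(50)` and `build(50000)`, the trie visits the same number of nodes for a given address at both sizes, while the list scan grows with the number of entries.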
 