[CentOS] Optimizing CentOS for gigabit firewall

Timo Schoeler timo.schoeler at riscworks.net
Fri Dec 18 20:23:38 UTC 2009


> after a quick search in Google:
> 
> http://postfactum.pl.ua/pf/
> 
> I will test to patch latest linux kernel with pf.
> What do you think?

Get OpenBSD. Honestly -- all the porting stuff of relatively
kernel-close stuff is just braindead.

Timo

>  >sadas sadas wrote:
>  >
>  >> I can't find information is there linux or BSD distribution with effective
>  >> firewall that uses optimized algorithm to store hundreds of IPs and to
>  >> forward huge traffic. Any idea?
>  >
>  >Hundreds?
>  >
>  >http://www.openbsd.org/faq/pf/tables.html
>  >
>  >"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
>  >against a table are very fast and consume less memory and processor time
>  >than lists. For this reason, a table is ideal for holding a large group of
>  >addresses as the lookup time on a table holding 50,000 addresses is only
>  >slightly more than for one holding 50 addresses. Tables can be used in the
>  >following ways:
>  >
>  >    * source and/or destination address in filter, NAT, and redirection rules.
>  >    * translation address in NAT rules.
>  >    * redirection address in redirection rules.
>  >    * destination address in route-to, reply-to, and dup-to filter rule
>  >options."
>  >
>  >nuff said ?
>  >
>  >I love linux, I've been using it for almost 15 years now, I absolutely
>  >hate iptables(and ipchains, and ipfwadm). By contrast I absolutely
>  >hate everything about OpenBSD except for pf(which I love, ipfw and
>  >ipf aren't too bad either, at least for the era), so I use OpenBSD
>  >for firewalls, and linux for everything else.
>  >
>  >nate
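
Added example, not from any of the posters in this thread: a pf.conf fragment that puts the quoted FAQ paragraph into practice, with one table used in each of the first three ways it lists (filter source/destination, NAT translation source, redirection destination). Interface names, addresses and the file path are assumptions chosen for the example; the `match ... nat-to` / `rdr-to` syntax is the OpenBSD 4.7-and-later form, so on the releases current when this thread was written the equivalent `nat on ... -> ...` and `rdr on ... -> ...` rules would be used instead.

```pf
# Example pf.conf fragment (added illustration; interfaces, addresses and
# paths are assumptions, not values from the thread).
ext_if = "em0"
int_if = "em1"

# A large block list kept in a file (one address or CIDR per line).
# "persist" keeps the table alive even while no rule references it, so it
# can be maintained at runtime with pfctl -t blocklist -T add/delete/replace
# without reloading the whole ruleset. Lookup cost stays nearly flat as the
# file grows, which is the point made in the quoted FAQ text.
table <blocklist> persist file "/etc/pf/blocklist.txt"

# Internal networks that are allowed out through NAT. "const" makes the
# table read-only after load, so it cannot be changed by accident.
table <lan> const { 192.0.2.0/24, 198.51.100.0/24 }

# Pool of internal web servers that inbound port 80 is spread across.
table <webservers> { 192.0.2.10, 192.0.2.11, 192.0.2.12 }

set skip on lo0

# 1. Table as source / destination address in filter rules.
block in  quick on $ext_if from <blocklist> to any
block out quick on $ext_if from any to <blocklist>

# 2. Table as translation source in a NAT rule: traffic from <lan> leaving
#    $ext_if is rewritten to the external interface's address.
match out on $ext_if from <lan> to any nat-to ($ext_if)

# 3. Table as redirection destination: inbound HTTP on $ext_if is handed
#    to one of the <webservers> entries in turn.
match in on $ext_if proto tcp from any to ($ext_if) port 80 \
    rdr-to <webservers> round-robin

pass in  on $ext_if proto tcp from any to <webservers> port 80 keep state
pass out on $ext_if from <lan> to any keep state
```

Typical day-to-day operation then never touches the ruleset: `pfctl -t blocklist -T add 203.0.113.7` inserts a single address, `pfctl -t blocklist -T replace -f /etc/pf/blocklist.txt` swaps in a freshly generated file atomically, and `pfctl -t blocklist -T show` prints the current contents; `pfctl -s rules` confirms the rules above still reference the table after a reload.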
