[CentOS] Optimizing CentOS for gigabit firewall

sadas sadas mailrc at abv.bg
Sun Dec 20 16:10:18 UTC 2009


 What solution for a gigabit firewall can you suggest? Which OS and packet filter is capable of achieving high performance and gigabit speeds?

 >Les Mikesell wrote:
 >> Timo Schoeler wrote:
 >>>> What about NetBSD? I heard that NetBSD has the best network stack out
 >>>> there. Maybe NetBSD with pf is the best choice?
 >>> NetBSD is a very nice OS, I personally like it most (out of all BSDs out
 >>> there); however, as can be read on
 >>>
 >>> http://www.netbsd.org/docs/network/pf.html
 >>>
 >>> there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some
 >>> time to see it implemented elsewhere.
 >>>
 >>> One of the biggest strengths of OpenBSD is that it's really a completely
 >>> rounded piece of work. Keep it that way. pf will perform best on
 >>> OpenBSD, with all the nice features it has.
 >> 
 >> Has anyone used Firewall Builder to create a complex set of iptables 
 >> rules?  Or compared performance where it built the same thing for 
 >> linux/iptables  and bsd/pf?
 >> 
 >
 >
 >Are you joking? That piece of crap just puts everything into one single 
 >chain. I never EVER use Firewall Builder after I saw the results the 
 >first time.
 >
 >For a BRIDGING firewall, there is absolutely NO WAY that Linux/netfilter 
 >can keep up with OpenBSD/pf. I doubt that Linux/netfilter can even reach 
 >half the performance of OpenBSD/pf.
 