After a quick search in Google:
I will try to patch the latest Linux kernel with pf. What do you think?
Get OpenBSD. Honestly -- all this porting of relatively kernel-close stuff is just braindead.
Timo
sadas sadas wrote:
I can't find information on whether there is a Linux or BSD distribution with an effective firewall that uses an optimized algorithm to store hundreds of IPs and forward huge traffic. Any idea?
Hundreds?
http://www.openbsd.org/faq/pf/tables.html
"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways:
- source and/or destination address in filter, NAT, and redirection rules.
- translation address in NAT rules.
- redirection address in redirection rules.
- destination address in route-to, reply-to, and dup-to filter rule options."
'nuff said?
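To make the FAQ passage concrete, here is an added pf.conf fragment (it is not from the thread or from the OpenBSD FAQ) that puts the inline list form next to the table form and shows how the table is maintained at runtime with pfctl. The addresses are documentation ranges and the blocklist file path is an assumption.

```pf
# Added example, not from the thread or the OpenBSD FAQ.
# Addresses are RFC 5737 / RFC 3849 documentation ranges; the file path is assumed.

# List form (what the FAQ calls a "list"): pfctl expands every address into
# its own rule at load time, so the ruleset grows with the list, each packet
# is checked against every expanded rule, and changing one address means
# reloading the whole ruleset.
# block in quick on egress from { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 }

# Table form: one rule and one lookup per packet regardless of table size
# (pf stores tables in a radix tree, the same structure as the BSD routing
# table). "persist" keeps the table and any runtime additions even when no
# rule references it; "file" seeds it with one address or CIDR per line.
table <blocklist> persist file "/etc/pf/blocklist.txt"
table <trusted_v6> { 2001:db8:1::/48, 2001:db8:2::1 }

set skip on lo0
block in log quick on egress from <blocklist>
pass in quick on egress inet6 proto tcp from <trusted_v6> to (egress) port 22

# Runtime maintenance (typed into a shell, not part of pf.conf):
#   pfctl -nf /etc/pf.conf                                   # syntax-check before loading
#   pfctl -t blocklist -T add 203.0.113.0/24                 # add an entry, no ruleset reload
#   pfctl -t blocklist -T delete 203.0.113.0/24              # remove it
#   pfctl -t blocklist -T replace -f /etc/pf/blocklist.txt   # reload the table from the file
#   pfctl -t blocklist -T test 203.0.113.7                   # does this address match?
#   pfctl -t blocklist -T show                               # list current entries
```

Note that `-T test` is the check you want before trusting a freshly loaded blocklist, and `-T replace` lets a cron job or IDS refresh the table without touching the rest of the ruleset, which is the practical reason tables rather than lists are used for anything beyond a handful of addresses.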
I love Linux, I've been using it for almost 15 years now, and I absolutely hate iptables (and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf (which I love; ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls and Linux for everything else.
nate