[CentOS] Optimizing CentOS for gigabit firewall

Timo Schoeler timo.schoeler at riscworks.net
Fri Dec 18 21:17:03 UTC 2009

On 12/18/2009 10:12 PM, Peter Serwe wrote:
> You can't patch the Berkeley Packet Filter into Linux.  Linux kernel doesn't
> support it.
> and...
> Despite a cacophonous chorus of replies directing you to the right tool for
> the job, you insist on sticking with Linux.
> If you want to use the wrong tool for the job, by all means, use
> ipset/iptables - have a great time with it.  When it doesn't
> give you the performance you want, then you will probably go buy something
> else.
> I don't care how you pretty up iptables and its predecessor, ipchains, it's
> still a black eye on Linux comparatively speaking.
> Berkeley invented TCP/IP, the Berkeley TCP/IP stack is implemented on just
> about every platform/OS combination there is.
> Berkeley *is* networking.  And yes, the community around BSD are assholes,

(I'd like to say that all other BSD communities are very friendly; the
one exception is the OpenBSD guys. OTOH, they're sometimes more than on
the right track: e.g., when they say 'open source', they mean it.
GNU/Linux is as lame as the FreeBSD guys, as both allow tainted stuff,
such as binary-only drivers (nVidia, e.g.). NetBSD is neither.)


> but they are semi-entitled.  Their shit is way
> better documented than just about anything else in Open Source, including
> most things Linux.
> Peter

