[CentOS] Optimizing CentOS for gigabit firewall

Thomas Harold thomas-lists at nybeta.com
Fri Dec 18 21:35:01 UTC 2009

On 12/18/2009 4:12 PM, Peter Serwe wrote:
> You can't patch the Berkeley Packet Filter into Linux.  Linux kernel
> doesn't support it.
> and...
> Despite a cacophonous chorus of replies directing you to the right tool
> for the job, you insist on sticking with Linux.
> If you want to use the wrong tool for the job, by all means, use
> ipset/iptables - have a great time with it.  When it doesn't
> give you the performance you want, then you will probably go buy
> something else.

Or wrap it up using Shorewall or one of the other meta tools that manage
the iptables chains for you.

