[CentOS] Optimizing CentOS for gigabit firewall
Thomas Harold
thomas-lists at nybeta.com
Fri Dec 18 21:35:01 UTC 2009
On 12/18/2009 4:12 PM, Peter Serwe wrote:
> You can't patch the Berkeley Packet Filter into Linux. Linux kernel
> doesn't support it.
>
> and...
>
> Despite a cacophonous chorus of replies directing you to the right tool
> for the job, you insist on sticking with Linux.
>
> If you want to use the wrong tool for the job, by all means, use
> ipset/iptables - have a great time with it. When it doesn't
> give you the performance you want, then you will probably go buy
> something else.
>
Or wrap it up using Shorewall or one of the other meta tools that manage
the iptable chains for you.
More information about the CentOS
mailing list