[CentOS] Optimizing CentOS for gigabit firewall
Chan Chung Hang Christopher
christopher.chan at bradbury.edu.hk
Sun Dec 20 15:45:10 UTC 2009
sadas sadas wrote:
> The syntax is not a problem. The problem is in the performance. I suppose that if I configure OpenBSD to process the in/out packets only to layer 2 the performance will be much more than linux with iptables.
>
You know SQUAT about filtering on Linux. You want a bridging solution?
Then forget about Linux. Even FreeBSD will perform better at bridging
firewalling than Linux and OpenBSD is the best performer available.
That ipset solution came way after OpenBSD and pf had such a feature and
which was already mature and stable too. I should know, I tested ipset
while it was still new some years ago.
More information about the CentOS
mailing list