[CentOS] Optimizing CentOS for gigabit firewall
mailrc at abv.bg
Sun Dec 20 16:10:18 UTC 2009
What solution for gigabit firewall can you suggest? Witch OS and packet filter is capable to atcheave hight performance and gigabit speeds?
>Les Mikesell wrote:
>> Timo Schoeler wrote:
>>>> What about NetBSD? I heard that NetBSD has the best network stack out
>>>> there. Maybe NetBSD with pf is the best choice?
>>> NetBSD is a very nice OS, I personally like it most (out of all BSDs out
>>> there); however, as can be read on
>>> there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some
>>> time to see it implemented elsewhere.
>>> One of the biggest strengths of OpenBSD is that it's really a completely
>>> rounded piece of work. Keep it that way. pf will perform best on
>>> OpenBSD, with all the nice features it has.
>> Has anyone used Firewall Builder to create a complex set of iptables
>> rules? Or compared performance where it built the same thing for
>> linux/iptables and bsd/pf?
>Are you joking? That piece of crap just puts everything into one single
>chain. I never EVER use Firewall Builder after I saw the results the
>For a BRIDGING firewall, there is absolutely NO WAY that Linux/netfilter
>can keep up with OpenBSD/pf. I doubt that Linux/netfilter can even reach
>half the performance of OpenBSD/pf.
>CentOS mailing list
>CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS