after quick search in google: http://postfactum.pl.ua/pf/ I will test to patch latest linux kernel with pf. What do you thing? >sadas sadas wrote: > >> I can't find information is there linux or BSD distribution with effective >> firewall that uses optimized algorithm to store hundreds of IPs and to >> forward huge traffic. Any idea? > >Hundreds? > >http://www.openbsd.org/faq/pf/tables.html > >"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups >against a table are very fast and consume less memory and processor time >than lists. For this reason, a table is ideal for holding a large group of >addresses as the lookup time on a table holding 50,000 addresses is only >slightly more than for one holding 50 addresses. Tables can be used in the >following ways: > > * source and/or destination address in filter, NAT, and redirection rules. > * translation address in NAT rules. > * redirection address in redirection rules. > * destination address in route-to, reply-to, and dup-to filter rule >options." > >nuff said ? > >I love linux, I've been using it for almost 15 years now, I absolutely >hate iptables(and ipchains, and ipfwadm). By contrast I absolutely >hate everything about OpenBSD except for pf(which I love, ipfw and >ipf aren't too bad either, at least for the era), so I use OpenBSD >for firewalls, and linux for everything else. > >nate > > >_______________________________________________ >CentOS mailing list >CentOS at centos.org >http://lists.centos.org/mailman/listinfo/centos > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20091218/617f260b/attachment-0005.html>