>> I can't find information: is there a Linux or BSD distribution with an effective
>> firewall that uses an optimized algorithm to store hundreds of IPs and to
>> forward huge traffic? Any idea?
>
> Hundreds?
>
> http://www.openbsd.org/faq/pf/tables.html
>
> "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
> against a table are very fast and consume less memory and processor time
> than lists. For this reason, a table is ideal for holding a large group of
> addresses as the lookup time on a table holding 50,000 addresses is only
> slightly more than for one holding 50 addresses. Tables can be used in the
> following ways:
>
> * source and/or destination address in filter, NAT, and redirection rules.
> * translation address in NAT rules.
> * redirection address in redirection rules.
> * destination address in route-to, reply-to, and dup-to filter rule
> options."
>
> nuff said?
>
> I love Linux, I've been using it for almost 15 years now, I absolutely
> hate iptables (and ipchains, and ipfwadm). By contrast I absolutely
> hate everything about OpenBSD except for pf (which I love; ipfw and
> ipf aren't too bad either, at least for the era), so I use OpenBSD
> for firewalls, and Linux for everything else.

I can back this; during 2009, I deployed a bunch of load balancers running OpenBSD (using pf, carpd, and relayd). I used to be a super die-hard BSD guy, but through the years, having used/deployed/propagated NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, I took one of my usual once-a-year looks at GNU/Linux (this time it was CentOS, after having worked with RHEL for some years) and got settled here.

Long story short: I'd really recommend OpenBSD for your task. iptables really sucks. I recently deployed some machines running several virtual instances (still the cheapest *proven* way to get several IP stacks in Linux) doing L2 routing, and I threw iptables off those machines because it just can't handle stuff at that rate.

OpenBSD rocks. I even have a setup running (active-active, load balanced) at about 40Mbps using Alix boards [0]; they rock, and they are in no way busy. OpenBSD's documentation is the best out there; its documentation quality is what I really, really badly miss in the Linux world. However, the community is a bunch of (sorry in advance) assholes. But this is well known throughout the internet, so: you have been warned. Great product, totally lame vendor. ;)

Timo

[0] http://pcengines.ch/alix.htm

> nate
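For readers who want to see what the quoted FAQ text looks like in practice, here is a pf.conf fragment that keeps the blocked addresses in a table rather than in an inline address list. This is an added example, not configuration from any poster in the thread; the interface name em0, the address blocks (all from the documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32) and the file /etc/pf.blocklist are assumed for illustration.

```pf
# Added example pf.conf fragment (not from the thread). Assumed names:
# external interface em0, blocklist file /etc/pf.blocklist (one address
# or CIDR prefix per line), documentation-range addresses.
ext_if = "em0"

# "persist" keeps the table around even if no rule currently references it,
# so it can be filled and emptied at runtime with pfctl. "file" loads the
# initial contents from the named file when the ruleset is loaded.
table <blocklist> persist file "/etc/pf.blocklist"

# "const" tables cannot be changed at runtime; handy for addresses that are
# part of the ruleset itself rather than operational data.
table <mynets> const { 192.0.2.0/24, 2001:db8:1::/48 }

set skip on lo0
block log all

# The table lookup is what the FAQ describes: its cost barely depends on how
# many entries <blocklist> holds, unlike a long inline list of addresses.
block in quick on $ext_if from <blocklist> to any
block out quick on $ext_if from any to <blocklist>

pass in on $ext_if proto tcp from any to <mynets> port { 22, 80, 443 } keep state
pass out on $ext_if from <mynets> to any keep state

# Managing the table at runtime without reloading the whole ruleset:
#   pfctl -t blocklist -T add 198.51.100.7 203.0.113.0/24
#   pfctl -t blocklist -T delete 198.51.100.7
#   pfctl -t blocklist -T show
#   pfctl -t blocklist -T replace -f /etc/pf.blocklist
#   pfctl -t blocklist -T test 203.0.113.9   # does this address match the table?
```

The practical point of "persist" plus pfctl -T is that a blocklist of hundreds (or tens of thousands) of addresses can be maintained by a script adding and deleting entries, with no pf.conf reload and no rule-ordering changes; "pfctl -T test" is the quick way to confirm that a given address actually hits the table before relying on the rule.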