Pasi Kärkkäinen wrote:
> Some months ago there were discussions about 10 Gbit performance with
> Linux. Some guys were pushing over 70 Gbit/sec through a single Linux
> box.
>
> Not sure if firewalling was enabled.. most probably not.
>

What I see consistently with iptables is people writing far too many rules and trying to micromanage traffic when the kernel already knows what it's doing. Try to keep it super simple. ***BSD's pf rules are just much simpler, it takes far fewer of them to do what you need to do.