[KLUG Members] A plea for firewall ideas
Adam Tauno Williams
adam at morrison-ind.com
Tue Aug 31 10:57:14 EDT 2004
> > >If you have ideas for firewall distros for heavy use (sorry, smoothwall
> > >and the like won't cut it), let me know. ...
> > Yes, I'd like to see more about this. What limits do you see, Adam? I
> agree
> > with the "other" Adam [Williams] that you've gotta be pumpin' SOME packets
> > to swampp this stuff...
> > Also, (From some lurking DL developer) ... why wouldn't DL face the same
> > limits?
> I also am confused about the "limits". Linux is Linux, if it's
> smoothwall, Devil-Linux, Debian, SuSE, or whatever.
> If a slow Pentium 100-200 Mhz machine can firewall a full T1 without
> much noticeable increase in load average, then why can't a slightly
> faster machine firewall a much larger pipe?
Right, my IBM x300 handles 4 ethernet segments (backbone, internet (2 T1s) via
Cisco router, wireless, & DMZ). Plus n number of inbound VPN connections and
running as a filtering SMTP relay for inbound messages. Never breaks a few
percentage points of CPU utilization.
> Or does "limits" refer to some piece of required software not included
> in smoothwall/ipcop?
Could be, I gave up on firewall-specific distros since I kept having to work
around thier limitations or constantly chaninging wierd administrative
mechanisms.
More information about the Members
mailing list