[KLUG Members] A plea for firewall ideas

[Adam Tauno Williams]

> > >If you have ideas for firewall distros for  heavy use (sorry, smoothwall 
> > >and the like won't cut it), let me know. ...
> > Yes, I'd like to see more about this. What limits do you see, Adam? I
> agree
> > with the "other" Adam [Williams] that you've gotta be pumpin' SOME packets
> > to swampp this stuff...
> > Also, (From some lurking DL developer) ... why wouldn't DL face the same 
> > limits?
> I also am confused about the "limits".  Linux is Linux, if it's
> smoothwall, Devil-Linux, Debian, SuSE, or whatever.  
> If a slow Pentium 100-200 Mhz machine can firewall a full T1 without
> much noticeable increase in load average, then why can't a slightly
> faster machine firewall a much larger pipe?

Right, my IBM x300 handles 4 ethernet segments (backbone, internet (2 T1s) via
Cisco router, wireless, & DMZ).  Plus n number of inbound VPN connections and
running as a filtering SMTP relay for inbound messages.  Never breaks a few
percentage points of CPU utilization.

> Or does "limits" refer to some piece of required software not included
> in smoothwall/ipcop?

Could be,  I gave up on firewall-specific distros since I kept having to work
around thier limitations or constantly chaninging wierd administrative
mechanisms.