On Wed, Feb 18, 2015, at 07:54 PM, Giancarlo Razzolini wrote: > On 18-02-2015 20:30, ML mail wrote: > > Stupid question but if you would have to choose between two different Intel > > CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks > > behind and around 50-60 Mbit/s average traffic would you rather choose the > > CPU with higher Frequency and less cores or for a CPU with lower frequency > > but more cores? > This question isn't stupid at all. And the answer is probably entirely > based on your setup. I do have a similar system, but with less average > traffic, 10MB/s, and one 6-port intel card. In my setup, having the > lower frequency, more cores is better, because my firewall isn't used > just for PF. If you're gonna use you OpenBSD firewall for other > processes such as, proxy, dns server, web server, dhcp server, it won't > hurt to have more cores.
A firewall should be a firewall. Period. It's your first line of defense against attack. Each and every additional thing you run on it just makes it that much more vulnerable to attack.
