On Wed, 27 Jan 2010 07:54 -0500, "Chris Dukes" <pak...@pr.neotoma.org> wrote:
> On Tue, Jan 26, 2010 at 04:38:08PM -0800, mehma sarja wrote:
> > I am running an embedded 533 MHz with 256 MB memory and it is woefully
> > inadequate for an office setting. Even for a home setting which wants stuff
> > like snort running as well. I would WAG at least a 2 GB memory and the Atoms
> > max out at that...? If the firewall will be doing other stuff like snort,
> > vpn, dns, dhcp, nat, (I am talking pfSense here), then 2 GB is rather short
> > and I'd like to see a beefier CPU as well. So, the question really is what
> > all are you going to be doing with it?
>
> Is it still woefully inadequate if snort, vpn, and DNS are moved
> off the firewall?

On a busy interface, Snort can use a good deal of CPU consistently:

load averages:  0.50,  0.31,  0.24    08:09:25
33 processes:  31 idle, 2 on processor
CPU0 states:  4.4% user,  0.0% nice,  0.2% system,  8.8% interrupt, 86.6% idle
CPU1 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU2 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU3 states: 11.8% user,  0.0% nice,  0.0% system,  0.0% interrupt, 88.2% idle
Memory: Real: 180M/542M act/tot  Free: 2819M  Swap: 0K/518M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
16499 _snort    31    0  171M  158M onproc/1  -        24.9H 16.89% snort
 5502 root       2    0 1116K 2080K sleep/1   select    0:51  0.00% sendmail
16446 _pflogd    4    0  636K  444K sleep/0   bpf       0:06  0.00% pflogd

> I ask because running DNS on the firewall has given me the heebie jeebies
> for years. And I have dim memories of a few security exploits for snort.
>
> --
> Chris Dukes