** Reply to message from Gordon Messmer <[EMAIL PROTECTED]> on Sat, 16 Mar 2002 11:53:05 -0800
> Asking on this list is likely to get you mostly recommendations of Linux
> (iptables) based commercial firewalls. Iptables is, in every sense, a
> commercial firewall. Open source firewalls based on Linux and FreeBSD,
> as well as IDS's (snort, specifically) are rated very well, and are
> quite capable even compared to hardware based firewall products. In
> fact, I would probably choose an iptables based firewall for any
> situation where it was appropriate.
>
> It becomes less appropriate when the amount of traffic to be firewalled
> approaches half the bandwidth of the PCI bus. Hardware firewalls tend
> to have much faster back planes. You can sometimes compensate for this
> by having more firewalls in front of smaller groups of networks/hosts.

Note also that the NAPI framework has just been dropped into the 2.5.x kernel development tree and will likely be backported to the 2.4. series. It allows much faster processing of interrupts and apparently makes a huge positive difference in throughput which in turn will likely improve the netfilter/iptables side.

jb

--
Jack Bowling
mailto: [EMAIL PROTECTED]

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list