Hi,

iptables conntrack has a connection limit, /proc/sys/net/ipv4/ip_conntrack_max. Apart from that, there should be no fixed limits in your system.

I have a Pentium III 600 happily filtering our colo which varies between 150 and 250 Mbit, so...

cheers,
Lennert

On Fri, Oct 11, 2002 at 02:26:02PM -0500, Pete Davis wrote:
> I am trying to find out the capacity of my iptables firewall. Is there
> a limit for the state table in terms of connections it can track? How
> about a Linux limit on processes, etc.? We have a DS3 at 15mb/s and I
> want to make sure my box can handle it before I continue on my project.
> Currently, I have a 500mhz Intel box with 256mb of memory and
> server-class Intel 10/100 NICs. It seems this should be able to handle
> it if I tweak the kernel configs properly.
>
> This box is going to be acting more as a screening router than a
> firewall (it is a bridging + iptables firewall... no IP on the box).
> The rule set will be minimal as I just want to screen out obvious bad
> traffic from getting to the network OUTSIDE my firewall (from the
> internet). The main firewall does a great job for the internal stuff
> but I want to help the external stuff as much as possible without
> interfering with legitimate traffic.
>
> Any comments, helpful hints, words of experience...?
> _______________________________________________
> Bridge mailing list
> [EMAIL PROTECTED]
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge
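A headroom check against the conntrack limit named in the reply above, added here as an example and not part of the original thread. The function name `conntrack_usage`, its two arguments, the 80% threshold, the current-kernel `nf_conntrack_*` paths and the use of `/proc/net/ip_conntrack` for the legacy count are assumptions of this example, not from the message.

```shell
#!/bin/sh
# Added example: report how full the conntrack table is.
# conntrack_usage [proc_root] [warn_pct]  -- both arguments are assumptions
# made for this example; proc_root is overridable so it can run on sample files.
conntrack_usage() {
    root="${1:-/proc}"
    warn="${2:-80}"
    nf="$root/sys/net/netfilter"
    if [ -r "$nf/nf_conntrack_max" ] && [ -r "$nf/nf_conntrack_count" ]; then
        # Current kernels: the kernel exports the live entry count directly.
        max=$(cat "$nf/nf_conntrack_max")
        count=$(cat "$nf/nf_conntrack_count")
    elif [ -r "$root/sys/net/ipv4/ip_conntrack_max" ] && [ -r "$root/net/ip_conntrack" ]; then
        # Legacy path from the message: count one line per tracked connection.
        max=$(cat "$root/sys/net/ipv4/ip_conntrack_max")
        count=$(wc -l < "$root/net/ip_conntrack" | tr -d '[:space:]')
    else
        echo "conntrack not loaded or not readable" >&2
        return 2
    fi
    # Reject empty, non-numeric or zero limits before dividing.
    case "$max" in ''|*[!0-9]*|0) echo "unexpected limit: $max" >&2; return 2 ;; esac
    case "$count" in ''|*[!0-9]*) echo "unexpected count: $count" >&2; return 2 ;; esac
    pct=$((count * 100 / max))
    if [ "$pct" -ge "$warn" ]; then state=WARN; code=1; else state=OK; code=0; fi
    echo "entries=$count max=$max used=${pct}% $state"
    return "$code"
}

# Constructed sample tree (values are made up) so the check runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/netfilter"
echo 65536 > "$demo/sys/net/netfilter/nf_conntrack_max"
echo 58983 > "$demo/sys/net/netfilter/nf_conntrack_count"
conntrack_usage "$demo" 80 || true
rm -rf "$demo"
```

The exit status is 0 for OK, 1 at or above the threshold and 2 when no conntrack files are readable, so the function can be called from cron or a monitoring agent.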
