I'm setting up a firewall for my ISP, and I wondered if I needed any "stronger" hardware.
My firewall consists of 5 3Com 100 Mbit NICs (one of them is to be replaced by a 1 Gbps NIC), and the machine has a K6 475 MHz processor and 64 MB RAM, running a 2.4.5 kernel and iptables. Is that hardware sufficient? Our network is regularly a victim of DDoS, and things like that.

--
anders gj�re
kvalito it as
+47 414 22 934

-----Original Message-----
From: Daniel Pittman [mailto:[EMAIL PROTECTED]
Sent: 8 July 2001 12:27
To: Asher Densmore-Lynn
Cc: [email protected]
Subject: Re: expected load?

On Sun, 08 Jul 2001, Asher Densmore-Lynn wrote:
> At 07:09 PM 7/8/01 +1000, Daniel Pittman <[EMAIL PROTECTED]> wrote:
>
>>Yup. Load comes from running *user* processes, not from the kernel.
>>
>>Given that iptables is completely in-kernel, it doesn't generate load
>>no matter how hard it's working. So, a load average of 0.00 means that
>>there isn't any software running on the machine.
>
> I've been thinking about that.
>
> How, then, DO you tell how hard the firewall rules are pressing a box?
> Compare RC5 scores with and without the firewall rules or something?
>
> "Hmm, I think we're being packeted... yeah, xfractint is jerking like
> crazy. Oops, no, never mind, that's me. Gotta cut down." *grin*

You /should/ be able to see the load accounted for in "system" space,
but I am not sure if that's accurate or not. IIRC, some things in
interrupts were not accounted for correctly a while back.[1]

Something like xfractint would be the best bet. ;)

        Daniel

Footnotes:
[1] That's a hazy memory from a long time ago, though, folks, so don't
    put /too/ much faith in it.

--
It's a truism in technological development that no silver lining comes
without its cloud.
        -- Bruce Sterling
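An added example, not part of the original thread: one way to see the "system" space accounting discussed above is to diff two samples of the aggregate `cpu` line in `/proc/stat`. It assumes the Linux field order (user, nice, system, idle, then iowait, irq, softirq, steal on current kernels; only the first four on 2.4-era kernels), and the sample snapshots and function names are constructed for illustration.

```python
"""Kernel-side CPU share from two /proc/stat samples (added example)."""
import time

FIELDS = ("user", "nice", "system", "idle", "iowait", "irq", "softirq", "steal")

# Constructed snapshots (jiffies): current eight-field layout, and the
# four-field layout of older kernels such as the 2.4 series in this thread.
BEFORE = "cpu  1000 0 500 8000 20 30 450 0 0 0\ncpu0 1000 0 500 8000 20 30 450 0 0 0\n"
AFTER = "cpu  1010 0 560 8400 20 50 960 0 0 0\ncpu0 1010 0 560 8400 20 50 960 0 0 0\n"
OLD_BEFORE = "cpu  1000 0 500 8500\n"
OLD_AFTER = "cpu  1010 0 1090 8900\n"


def parse_cpu_line(stat_text):
    """Return the aggregate 'cpu' counters, zero-filling fields the kernel lacks."""
    for line in stat_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "cpu":
            values = [int(v) for v in parts[1:1 + len(FIELDS)]]
            values += [0] * (len(FIELDS) - len(values))
            return dict(zip(FIELDS, values))
    raise ValueError("no aggregate 'cpu' line found")


def kernel_share(before_text, after_text):
    """Percent of CPU time per bucket between two /proc/stat snapshots."""
    before, after = parse_cpu_line(before_text), parse_cpu_line(after_text)
    delta = {k: after[k] - before[k] for k in FIELDS}
    total = sum(delta.values())
    if total <= 0:
        raise ValueError("samples are identical or out of order")

    def pct(*keys):
        return round(100.0 * sum(delta[k] for k in keys) / total, 1)

    return {
        "user": pct("user", "nice"),
        "system": pct("system"),          # syscalls and other in-kernel work
        "interrupt": pct("irq", "softirq"),  # packet processing lands here today
        "idle": pct("idle", "iowait"),
    }


if __name__ == "__main__":
    with open("/proc/stat") as f:
        first = f.read()
    time.sleep(5)  # sampling interval; a longer one smooths bursts
    with open("/proc/stat") as f:
        print(kernel_share(first, f.read()))
```

A box forwarding heavy traffic can show a near-zero load average while the `interrupt` bucket is large, because load average counts tasks rather than time spent in interrupt context.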

