2000-04-04-20:09:39 Mandy Andress:
> Is anyone familiar with the scaleability of Linux IPChains?
Great, wonderful. Doesn't eat a lot of CPU.
> Is it dependent on the processing power of the system it's
> installed on?
Of course. The filtering isn't being done by the interfaces, it's
being done in the CPU. But it doesn't load the system noticeably at
all.
> I'm involved with a client about to deploy a large ecommerce site
> using IPChains as it's firewall.
_Highly_ recommended, my favourite setup.
Don't deploy a separate firewall in front of the whole site at all;
just harden every host composing the site --- ipchains for Linux,
Darren Reed's IP Filter for most other Unixes --- and the
firewalling performance scales right up with the size of your farm.
Harden every host and then expose them all directly to the internet
with no additional firewalling at all.
-Bennett
PGP signature
