All,
I've started a project to convert our current Elron firewall to a Linux
2.4 firewall. Before we spend $10-$20k on a PIX or FW1, I told my
managers to let me see what Linux 2.4 can do. They said go for it...

Most of the iptables examples I see are for home/small offices, with only
20-30 rules, if that. When looking at my current ruleset, my initial
testing shows that I'll have 1000-2000 iptables rules. Anyone have any
Linux firewalls that big or bigger? (I'd love to believe Linux can handle
it... but I want some real world testimonies from someone who's done it :) )

Do you really save that much CPU by classifying traffic into different
tables? I.e. I've seen examples where you create tables for TCP, ICMP,
UDP/incoming, outgoing, etc... Is there a better way to separate the
traffic? Is it worth the hassle?

The net connection is only 3Mbps, so I don't think I need LOTS of CPU. But
the connection is pegged most of the day. I have a PII 450MHz/128M RAM
for the job. Comments on the hardware?

Also, will Linux filter/route IPSec protocols? Stuff like GRE, ESP
(IP protocol 50), AH (IP protocol 51). This was the issue that started
this project...
Thanks for any advice.
later!
Ray
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Administrator Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
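An added example, not from Ray's mail or any reply to it, showing how the per-protocol chain split and the ESP/AH/GRE matching asked about above look in practice, emitted in iptables-restore format so a 1000-2000 rule policy is loaded atomically in one call. The interface names, the 10.0.0.0/24 LAN and the open service ports are assumed values.

```shell
#!/bin/sh
# Added example, not Ray's code: emit a filter table in iptables-restore
# syntax, so a 1000-2000 rule policy is committed atomically in one load
# rather than by forking iptables per rule. Packets are dispatched by
# protocol into user-defined chains, so a TCP packet is compared against
# TCP_IN only, not the whole (linearly walked) ruleset. ESP (50), AH (51)
# and GRE (47) are matched by number; IKE on UDP 500 is also needed.
# Interface names and the 10.0.0.0/24 LAN are assumed values.
WAN=eth0             # assumed outside interface
LAN=eth1             # assumed inside interface
LAN_NET=10.0.0.0/24  # assumed inside network
# One ACCEPT rule in TCP_IN per port in the space-separated list $1.
tcp_service_rules() {
    for port in $1; do
        printf '%s\n' "-A TCP_IN -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}
# Whole filter table in iptables-restore syntax, written to stdout.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP_IN - [0:0]
:UDP_IN - [0:0]
:ICMP_IN - [0:0]
:IPSEC_IN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -s $LAN_NET -o $WAN -j ACCEPT
-A INPUT -i $WAN -p tcp -j TCP_IN
-A INPUT -i $WAN -p udp -j UDP_IN
-A INPUT -i $WAN -p icmp -j ICMP_IN
-A INPUT -i $WAN -p 50 -j IPSEC_IN
-A INPUT -i $WAN -p 51 -j IPSEC_IN
-A INPUT -i $WAN -p 47 -j IPSEC_IN
$(tcp_service_rules "22 25 80 443")
-A TCP_IN -j DROP
-A UDP_IN -p udp --dport 500 -j ACCEPT
-A UDP_IN -j DROP
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A ICMP_IN -j DROP
-A IPSEC_IN -j ACCEPT
COMMIT
EOF
}
gen_ruleset   # pipe the output into: iptables-restore
```

Run as `sh build-rules.sh | iptables-restore` on the firewall; the generated text can be reviewed or diffed against the running `iptables-save` output before loading.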