Good luck, when you have time I also recommend that you read this. https://calomel.org/network_performance.html
On 2015-02-19 08:05:54, ML mail wrote: > Thanks to all of you for this interesting discussion. My OpenBSD firewall > will only be doing PF as I totally agree that a firewall should have the > least userland application running as possible of course if your budget > permits it. So far I have around 340 rules (as the number of lines in the > output of a "pf -sr") and a state table of around 12-20k entries depending > the time of the day. As per your recommendations I will go with a higher CPU > frequency and less cores as packet filtering still only takes place on one > single core. I might also experiment if I should use bsd.mp or the standard > non SMP bsd. > > I also agree with Nick that CPU is of course not the only criteria but the > rest I have luckily already sorted out :) For example by using nice and > modern Intel 10 Gbit/s NICs, CompactFlash industrial grade flash storage, > redundant setup with 2 firewalls and CARP, etc. OpenBSD does a great job > here, I don't even want to imagine the price of such a setup with C***o > hardware. > > Cheers