> Brian J. Murrell wrote: > > Hrm. How much of the "grunt work" is offloaded from the "firewall" > > system though?
And to put a number on that, I find it's usually about a 10:1 split. The part that's left running on the firewall system appears to spend almost all its time doing the fork+exec thing for iptables - once per rule, and fork+exec is a lot slower than people expect. It could be made faster, but not by running on a different host. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
