So if you are talking about physical interfaces you rather would not be able to plug such an amount of nics to your hardware. So I assume that you are talking about vlans, tunnel or other virtual interface types.
We have Shorewall running in a specific environment with approx 800 vlan interfaces and it looks like the hardware is quite bored and hungry for another 8000 interfaces. And Shorewall has really now problems with it. The only thing you should keep in mind is that if you have hundrets of interfaces you will have thousand of rules, policy, interface and else config entries. This makes Shorewall to need some additional time to restart. But the longest reload time I ever saw was approx 90 seconds but this must not have to do with Shorewall only since many many things are going on in the background if we restart Shorewall. Cheers Michael -----Ursprüngliche Nachricht----- Von: lanas [mailto:[email protected]] Gesendet: Mittwoch, 2. Juni 2010 11:25 An: Shorewall Users Betreff: Re: [Shorewall-users] A rather stupid question ... On Tue, 01 Jun 2010 19:50:44 -0400, Cristian Rodríguez <[email protected]> wrote : > El 01/06/10 19:29, lanas escribió: > > > So, is there a good answer to such a question ? ;-) > > > > I have not read the netfilter source code, but I guess the limitations > are your RAM and processing power only.- Yes. And before being installed at the netfilter/iptables level, the policies configuration has to be read by shorewall. I haven't read the shorewall Perl code so I do not know if there are any limitations in there, for instance, with a unit that would have 100 LAN and 100 WAN interfaces. As asuch, would there be any limitation in the shorewall code that would prevent it from dealing with a huge number of interfaces ? ---------------------------------------------------------------------------- -- _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
