On 6/2/10 2:25 AM, lanas wrote:
> Yes. And before being installed at the netfilter/iptables level, the
> policies configuration has to be read by shorewall. I haven't read the
> shorewall Perl code so I do not know if there are any limitations in
> there, for instance, with a unit that would have 100 LAN and 100 WAN
> interfaces. As such, would there be any limitation in the shorewall
> code that would prevent it from dealing with a huge number of
> interfaces?

Shorewall 4.4 has only a couple of architectural limits.

- Maximum of 252 providers.
- Maximum of 255 interfaces in /etc/shorewall/tcdevices unless you
  assign class Ids manually.

I have a report from a user of a RHEL5-based system that
iptables-restore would fail when asked to restore more than ~62k rules.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
