On Mon, 22 Jan 2001, jacob childress wrote:

> Hi folks,
>
> Linux 2.4 firewalling is being discussed on Slashdot today, but I wanted to
> get some opinions from this list.  If you've tried it, what are your
> impressions of the new firewalling capabilities in 2.4?  And more to the
> point, do you think it will still perform well on older hardware?
>
> The article mentioned in the Slashdot post says this, which worries me a
> little:
> "This connection tracking takes a hell of a lot of memory!"
>
> I'm currently running a 486-100 w/ 48mb RAM with ipchains plus a few other
> services, and it runs just fine, but I figure I'll be making the transition
> when 2.4.2 comes out...

Oooh, an old router DSW. Well mine is a 486/80 w/ 16mb RAM.

Anyways, I wouldn't trust any technical information gleaned from the
comments section on "Slashdot".

I doubt it will take up very much RAM. (I remember the arguments over
devfs[0] which added very little to the kernel footprint. They don't
tolerate bloat, IOW.) You can always compile ipchains and ipfilter as
modules w/ 2.4 and try each and look at the memory difference. Plus, I am
guessing this router is for a little home network (like most 486 routers),
so a few dozen sockets at most will not be a problem I imagine.

Plus, there are lots of other stateful firewall implementations, most of
which run in far less than 48mb RAM that are used in big corporate
networks.

Paul

[0] Try devfs if you have a chance. It is very cool. Just read the readme
for it. (i.e. install devfsd first.) It is trivial to use devfsd to get
full compatibility. Then you can slowly move things over to the new naming
scheme and reduce the compatibility stuff. (devfsd makes symlinks from old
names to new names.)

-- 
"I had to hit him -- he was starting to make sense."
