Figure I should toss in some info here: note that I posted a correction below. Given that the kernel isn't pageable, swap space won't ever be an issue.
:)
As far as CPU performance goes, I tested this on a 486DX/66, and I could run full 10Mb ethernet links saturated without any packet loss with a minimal ruleset (but running NAT [masquerading]).
Thought that might be useful info...
Makes perfect sense to me... =)
:)
The only thing I'd like to say about this idea is that it's not accessible. The thing I liked best about the ease of doing this on RH is that even a junior SA could perform this task with relative ease.
Flashing BIOS with specialized code is a more difficult task, and probably isn't something that your average admin is going to undertake (especially for a specialized project).
My $0.02 on this one...
Hi all...
:)
As the author of the article being discussed, I wanted to point out one of my own errors. I discussed the lack of swap-space as a limitation to the setup; however, the Linux kernel isn't pageable, so swap space would have no effect on the performance of the firewalling code.
I've had a few people point that out, so I wanted to post that correction publicly.
Feel free to email me at mmurray@ncircle.com if you have questions or comments...
Mike