Hi,
I'm a heavy Linux user and implementor at work, but due to chance I've
had more experience using packet filters on OpenBSD, Solaris and
FreeBSD. I've had most of my experience with pf on OpenBSD and
therefore it's my favorite of the three, but I know iptables/netfilter
on Linux is more featureful. Linux has other advantages like a huge
number of ports, the biggest driver library of them all and very
cutting-edge optimisations everywhere, not to mention more eyeballs at
work on the code.
So can people with experience please offer their biased and unbiased
opinions on these three ways of filtering TCP/IP (v4 and v6) and IPX?
We're all most interested in IPv4, I guess.
On a related issue, does anyone know of the differences in benchmarks,
stability and methods of remembering states of level 4 data that are
maintained in memory? OpenBSD and Linux have seemed very stable
and fast, as packet filtering isn't quite a novelty, but with ipf in
Solaris and iptables in Linux kernel 2.4, I HAVE experienced slowdowns
when a great deal of connections are made, as in three different
workstations pinging a list of Counter-Strike servers (over 30 thousand
servers) simultaneously, and therefore exceeding 65535 connections
through a packet filtering firewall. This might well be a limit of
TCP/IP itself where TCP ports are limited, but I need opinions on its
usability in high performance areas.