From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter Surda <surda@shurdix.com>
Date: Tue, 16 Aug 2005 17:21:02 +0000
Subject: Re: [LARTC] Hardware Configuration Ideas
Message-Id: <20057161921212097@mail.routehat.org>
List-Id: <lartc.vger.kernel.org>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAENEVIhFsNkiQ6vTBNVSNQcKAAAAQAAAAJ07bVuJvEUWsDJDH0zUe+gEAAAAA@web-profile.net>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAENEVIhFsNkiQ6vTBNVSNQcKAAAAQAAAAJ07bVuJvEUWsDJDH0zUe+gEAAAAA@web-profile.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Also,
....

On Tue, 16 Aug 2005 11:38:06 -0500 "Taylor, Grant" <gtaylor@riverviewtech.net>
wrote:

>+If you are not doing much in the way if *VERY* *ADVANCED*
>+firewalling, just basic source and / or destination IP v
>alidation and / or source and / or destination port validation will not need
>+much of a processor.  In fact I'd try it with a 500 MHz to 1 GHz system, what
>+ever is the most economical that you can get your hands on.
Yes. In fact most cases of "advanced" firewalling only mean that you have a
stupid fw-design, like hundreds/thousands of rules in one chain :-). Usually can
be optimised by using sub-chains, ipset and/or ipt_ACCOUNT.

Yours sincerely,
Peter

-- 
http://www.shurdix.org - Linux distribution for routers and firewalls
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc