Re: Optimizing CentOS for gigabit firewall




What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice?



>>> I can't find information is there linux or BSD distribution with effective
>>> firewall that uses optimized algorithm to store hundreds of IPs and to
>>> forward huge traffic. Any idea?
>>
>> Hundreds?
>>
>> http://www.openbsd.org/faq/pf/tables.html
>>
>> "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
>> against a table are very fast and consume less memory and processor time
>> than lists. For this reason, a table is ideal for holding a large group of
>> addresses as the lookup time on a table holding 50,000 addresses is only
>> slightly more than for one holding 50 addresses. Tables can be used in the
>> following ways:
>>
>> * source and/or destination address in filter, NAT, and redirection rules.
>> * translation address in NAT rules.
>> * redirection address in redirection rules.
>> * destination address in route-to, reply-to, and dup-to filter rule
>> options."
>>
>> nuff said ?
>>
>> I love linux, I've been using it for almost 15 years now, I absolutely
>> hate iptables(and ipchains, and ipfwadm). By contrast I absolutely
>> hate everything about OpenBSD except for pf(which I love, ipfw and
>> ipf aren't too bad either, at least for the era), so I use OpenBSD
>> for firewalls, and linux for everything else.
>
>I can back this; during 2009, I deployed a bunch of load balancers
>running OpenBSD (using pf, carpd, and relayd). I used to be a super die-hard
>BSD guy, but through the years, having used/deployed/propagated
>NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, when I took one of my
>usual once-a-year looks at GNU/Linux (this time it was CentOS, after
>having worked with RHEL for some years), I got settled here.
>
>Long story short: I'd really recommend OpenBSD for your task. iptables
>really sucks. I recently deployed some machines running several virtual
>instances (however still the cheapest *proven* way to get several IP
>stacks in Linux) doing L2 routing; I threw iptables off those machines
>because it just can't handle stuff at that rate. OpenBSD rocks, I even
>have a setup running (active-active, load balanced) at about 40Mbps
>using Alix boards [0] -- they rock, and they are in no way busy.
>
>OpenBSD's documentation is the best out there; its documentation
>quality is what I really, really badly miss in the Linux world. However,
>the community is a bunch of (sorry in advance) assholes. But this is
>well known throughout the internet, so: you have been warned. Great
>product, totally lame vendor. ;)
>
>Timo
>
>[0] -- http://pcengines.ch/alix.htm
>
>> nate
>_______________________________________________
>CentOS mailing list
>CentOS@xxxxxxxxxx
>http://lists.centos.org/mailman/listinfo/centos
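As an added illustration of the pf tables the quoted OpenBSD FAQ excerpt describes (this is not configuration from anyone in the thread), a minimal pf.conf that keeps a large block list in a table and references it from a single rule; the interface name, file path and addresses are assumptions.

```pf
# Added example, not from the thread. Interface, path and addresses assumed.
ext_if = "em0"

# "persist" keeps the table alive even when no rule references it;
# "file" preloads it from a text file with one address or CIDR block per line.
# Constructed sample contents of /etc/pf/blocked.txt:
#   192.0.2.0/24
#   198.51.100.17
table <blocked> persist file "/etc/pf/blocked.txt"

# A small inline table of the hosts this firewall forwards web traffic to.
table <servers> { 203.0.113.10, 203.0.113.11 }

set skip on lo

# One rule covers the whole list; lookup cost barely grows with table size,
# which is the point the quoted FAQ text makes (50,000 entries vs. 50).
block in quick on $ext_if from <blocked>

# Tables also work as the destination in filter rules.
pass in on $ext_if proto tcp to <servers> port 80 keep state
pass out on $ext_if keep state
```

Table entries can be changed at runtime without reloading the ruleset, e.g. `pfctl -t blocked -T add 203.0.113.99`, `pfctl -t blocked -T delete 203.0.113.99`, or `pfctl -t blocked -T test 192.0.2.5` to check whether an address would match.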
