I am trying to find out the capacity of my iptables firewall. Is there a limit for the state table in terms of connections it can track? How about a Linux limit on processes, etc.? We have a DS3 at 15mb/s and I want to make sure my box can handle it before I continue on my project. Currently, I have a 500mhz Intel box with 256mb of memory and server-class Intel 10/100 NICs. It seems this should be able to handle it if I tweak the kernel configs properly. This box is going to be acting more as a screening router than a firewall (it is a bridging + iptables firewall... no IP on the box). The rule set will be minimal as I just want to screen out obvious bad traffic from getting to the network OUTSIDE my firewall (from the internet). The main firewall does a great job for the internal stuff but I want to help the external stuff as much as possible without interfering with legitimate traffic. Any comments, helpful hints, words of experience...?
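One way to answer the state-table question above is to read the conntrack counters the kernel already exposes and size the table from connection rate rather than link speed; this is an added shell example, not part of the original post, and the /proc paths, the 350-byte-per-entry figure and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): inspect the conntrack state table
# and estimate how large it needs to be. Assumed sysctl paths: modern kernels use
# net.netfilter.nf_conntrack_*, 2.6-era kernels net.ipv4.netfilter.ip_conntrack_*,
# 2.4-era kernels net.ipv4.ip_conntrack_*.

# Print the first readable file among the arguments; fail if none exists.
first_readable() {
    for f in "$@"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Read a conntrack sysctl ("max" or "count") from whichever path this kernel has.
conntrack_read() {
    f=$(first_readable "/proc/sys/net/netfilter/nf_conntrack_$1" \
                       "/proc/sys/net/ipv4/netfilter/ip_conntrack_$1" \
                       "/proc/sys/net/ipv4/ip_conntrack_$1") || return 1
    cat "$f"
}

# Integer percentage of the table in use: count max
conntrack_pct() { echo $(( $1 * 100 / $2 )); }

# Rough RAM the table can consume: max bytes_per_entry (bytes/entry is assumed)
conntrack_mem_bytes() { echo $(( $1 * $2 )); }

# Steady-state entries needed: new_flows_per_sec avg_flow_lifetime_sec
# Lifetime is governed by the conntrack timeouts, not by link speed, so a link
# full of short-lived scans needs far more slots than a few bulk transfers do.
conntrack_entries_needed() { echo $(( $1 * $2 )); }

# Human-readable report; warns when the table is nearly full, because a full
# table makes the kernel drop new connections ("nf_conntrack: table full").
conntrack_status() {
    max=$(conntrack_read max) || { echo "conntrack not loaded on this kernel"; return 1; }
    count=$(conntrack_read count) || count=0
    pct=$(conntrack_pct "$count" "$max")
    echo "conntrack: $count / $max entries in use ($pct%)," \
         "~$(( $(conntrack_mem_bytes "$max" 350) / 1024 )) KiB if full (350 B/entry assumed)"
    [ "$pct" -ge 80 ] && echo "WARNING: state table above 80%; raise the max or lower timeouts"
    return 0
}

conntrack_status || true
```

On a bridge with no IP address the box still tracks every forwarded flow, so the count reported here is the number that matters for the 15mb/s link, and raising the max only helps if the RAM estimate still fits in 256mb alongside everything else.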