Hello, we plan to use Netfilter/iptables to build a firewall for our heavily loaded eCommerce platform. Basically this should be two Linux firewalls, running in a high-availability mode. Each firewall will have four Gigabit network interfaces (Internet, DMZ, Trusted Network, H/A link). In total, the firewalls have to handle about 400 Mbps of IP traffic and around 60,000 - 70,000 simultaneous connections. Our ruleset will have around 40 - 80 rules, and connection tracking (stateful inspection) should be enabled.

Does anybody have experience with iptables firewalls of this size? Is the Netfilter code able to handle this amount of traffic on current i386 platform machines? Which hardware and how much RAM do I need? It would be nice if somebody could give me some hints.

Thanks, Markus
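As an added example (not part of Markus's post, and not a ruleset he or anyone else in the thread provided), here is a skeleton for the four-interface layout he describes: a conntrack sizing helper for the 60,000 - 70,000 connection figure, and an iptables-restore ruleset that puts the stateful fast path ahead of the 40 - 80 policy rules so that established flows never walk the policy list. Interface names, address ranges, the 1:4 hash-bucket ratio, the headroom factor and the per-entry byte figure are all assumptions chosen for the example; read the real per-entry size from the nf_conntrack slab in /proc/slabinfo on your kernel.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, address
# ranges, ports and sizing ratios below are assumptions for illustration.

WAN=eth0                  # Internet
DMZ=eth1                  # DMZ
LAN=eth2                  # Trusted network
HA=eth3                   # H/A link (heartbeat / state sync between the pair)
DMZ_NET=192.0.2.0/24      # assumed DMZ range (TEST-NET-1)
LAN_NET=10.0.0.0/24       # assumed trusted range
HA_NET=10.255.255.0/30    # assumed point-to-point H/A link
WEB_PORTS=80,443          # assumed public services in the DMZ

# conntrack_max_for EXPECTED_CONNS HEADROOM
# Table size for the expected peak times a headroom factor, so a burst does
# not hit "nf_conntrack: table full, dropping packet".
conntrack_max_for() {
    echo $(( $1 * $2 ))
}

# hashsize_for CONNTRACK_MAX
# Bucket count for the conntrack hash: one bucket per four entries (an
# assumed ratio, not a kernel requirement), rounded up to a power of two.
hashsize_for() {
    want=$(( $1 / 4 ))
    size=1
    while [ "$size" -lt "$want" ]; do
        size=$(( size * 2 ))
    done
    echo "$size"
}

# conntrack_mem_estimate CONNTRACK_MAX BYTES_PER_ENTRY -> bytes
# Take BYTES_PER_ENTRY from the nf_conntrack objsize column of /proc/slabinfo.
conntrack_mem_estimate() {
    echo $(( $1 * $2 ))
}

# sysctl_fragment CONNTRACK_MAX
# Prints the sysctl lines plus the modprobe.d line: hashsize is a module
# parameter of nf_conntrack, not a sysctl, so it must be set at load time.
sysctl_fragment() {
    max=$1
    cat <<EOF
net.netfilter.nf_conntrack_max = $max
# Short-lived web traffic: 1 hour instead of the multi-day default (chosen value).
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
# /etc/modprobe.d/nf_conntrack.conf:
options nf_conntrack hashsize=$(hashsize_for "$max")
EOF
}

# ruleset
# Emits an iptables-restore file; loading it is atomic, which matters when
# both H/A nodes must carry an identical policy.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful fast path first: nearly every packet on a loaded box matches here,
# so the policy rules below are only evaluated for new flows.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: internal ranges must never arrive on the Internet side.
-A FORWARD -i $WAN -s $DMZ_NET -j DROP
-A FORWARD -i $WAN -s $LAN_NET -j DROP
# Internet -> DMZ web tier, new connections only.
-A FORWARD -i $WAN -o $DMZ -d $DMZ_NET -p tcp -m multiport --dports $WEB_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Trusted -> DMZ and Internet.
-A FORWARD -i $LAN -s $LAN_NET -o $DMZ -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN -s $LAN_NET -o $WAN -m conntrack --ctstate NEW -j ACCEPT
# DMZ hosts must never initiate toward the trusted network.
-A FORWARD -i $DMZ -o $LAN -j DROP
# H/A link: only the peer on the point-to-point net may reach the firewall itself.
-A INPUT -i $HA -s $HA_NET -j ACCEPT
# Management (SSH) only from the trusted side.
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage: ./fw.sh ruleset | iptables-restore
#        ./fw.sh sysctl 70000 2 > /etc/sysctl.d/90-conntrack.conf
case "${1:-}" in
    ruleset) ruleset ;;
    sysctl)  sysctl_fragment "$(conntrack_max_for "${2:-70000}" "${3:-2}")" ;;
esac
```

Two things to check after loading it: `conntrack -C` (or `/proc/sys/net/netfilter/nf_conntrack_count`) against the chosen nf_conntrack_max during a peak, and the kernel log for "table full" messages; if the H/A pair is meant to fail over without dropping established sessions, the conntrack state itself has to be synchronised over the H/A link as well, which this ruleset only leaves room for.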