> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of /dev/rob0
> Sent: Tuesday, September 06, 2005 12:28 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Question about high perfomance Linux firewall
>
> On Monday 2005-September-05 13:36, Javier Miguel Rodríguez wrote:
> > My ruleset will be rather short: 500-600 lines, with SNAT/DNAT in
>
> (That doesn't seem short to me.)
>
> > Which gigabit ethernet card is more suitable for high performance
> > filtering?
>
> I know and trust the Intels, but I can't say how they will compare.
>
> > Any special advice about linux distro/ kernel tuning?
>
> Distro: whatever you are comfortable using. Any can do it.
>
> CPU: 64-bit processors do not have the same memory address
> space limitation as do the 32-bit CPUs.
>
> Kernel: if a 32-bit CPU, there are simple patches available
> which allow you to specify a LOWMEM / HIGHMEM split other
> than the default 1G / 3G.
> For 1G physical RAM, this is preferable to activating
> HIGHMEM. I think mine is set at 1.25G / 2.75G for 1G RAM.
> --
> mail to this address is discarded unless "/dev/rob0"
> or "not-spam" is in Subject: header

I would add to this that AMD processors will probably offer noticeable improvements in performance as demonstrated by http://people.netfilter.org/kadlec/nftest.pdf.

Derick Anderson