Hi, Le mercredi 10 février 2010 à 23:46 -0800, Payam Chychi a écrit : > Hi Guys, > > Ive been reading all over the web on performance tests done against > iptables and its ability to perform both state and non-state > filtering. I am setting up a pretty decent server for some testing and > I was wondering if you guys could give me some ideas on how to fully > push iptables to its limits (different type of traffic, different > usage, string matching/u32 module and such...) > > Server consists of: > Quad Cor Intel(R) Xeon(R) CPU E5420 @ 2.50GHz > 32gig Ram > 220gig Sata (not worried about this as im trying to keep most things in ram) > Intel Gig nics > > Running: > Debian 5.0 + grsec > > I will later post results and poc online for others to view > Any/All ideas are welcome =) There is some interesting read about the topic: http://people.netfilter.org/kadlec/nftest.pdf http://nfws.inl.fr/nfws_userday/Jesper-Brouer_Large-iptables-rulesets.pdf Google on "Netfilter performance" seems to bring some other information sources. BR, -- Éric Leblond <eric@xxxxxx> EdenWall, http://www.edenwall.com/ NuFW, http://www.nufw.org
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
