Hi Eric,

Fantastic docs, I had not seen the one by Jesper
http://nfws.inl.fr/nfws_userday/Jesper-Brouer_Large-iptables-rulesets.pdf

Thanks again
Payam

2010/2/11 Eric Leblond <eric@xxxxxx>:
> Hi,
>
> On Wednesday, 10 February 2010 at 23:46 -0800, Payam Chychi wrote:
>> Hi Guys,
>>
>> I've been reading all over the web on performance tests done against
>> iptables and its ability to perform both state and non-state
>> filtering. I am setting up a pretty decent server for some testing and
>> I was wondering if you guys could give me some ideas on how to fully
>> push iptables to its limits (different types of traffic, different
>> usage, string matching/u32 module and such...)
>>
>> Server consists of:
>> Quad Core Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
>> 32gig RAM
>> 220gig SATA (not worried about this as I'm trying to keep most things in RAM)
>> Intel Gig NICs
>>
>> Running:
>> Debian 5.0 + grsec
>>
>> I will later post results and PoC online for others to view
>> Any/All ideas are welcome =)
>
> There is some interesting reading about the topic:
> http://people.netfilter.org/kadlec/nftest.pdf
> http://nfws.inl.fr/nfws_userday/Jesper-Brouer_Large-iptables-rulesets.pdf
>
> Google on "Netfilter performance" seems to bring some other information
> sources.
>
> BR,
> --
> Éric Leblond <eric@xxxxxx>
> EdenWall, http://www.edenwall.com/
> NuFW, http://www.nufw.org
>

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer