also sprach Michael Loftis <mloftis@modwest.com> [2006.03.12.1159 +0100]: > The only thing I can say is be *VERY* careful on a busy Linux box. > iptables sucks. It's sequential, meaning every entry in a list has to be > processed. This is not the case. You can branch iptables rulesets to arbitrary complexity. In fact, I often wanted Firewall-1 to have a similar feature. Firewall-1 scales pretty damn well (4 Gbps throughput, stateful), but in my experience, iptables can handle way more. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! "geld ist das brecheisen der macht." - friedrich nietzsche
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)