also sprach Michael Loftis <mloftis@modwest.com> [2006.03.12.2301 +0100]: > Yes you can make arbitrarily deep jumps/chains, but any single > list is still processed sequentially. Once could probably > implement scripting to produce a sort of binary tree on > hashes/jumps to chains. Fact is it does not do long lists well at > all because they are processed sequentially, unless this has > changed for 2.6. it has not. which other firewall software uses binary trees? > I'd love to see a Linux box capable of 4Gbps throughput but > somehow I really doubt this as being possible without a LOT more > work, and some pretty trick hardware. I have set up a bunch of boxes filtering 10Gbps links. On one, there is a continuous >3.2 Gb. Mean is below 4 Gbps, but they have never faltered. however, my rulesets hardly exceed 20-30 lines except for the various subchains which handle special cases. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! "the vast majority of our imports come from outside the country." - george w. bush
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)