
Re: howto block ssh brute-force



Thus spoke Michael Loftis <mloftis@modwest.com> [2006.03.12.1159 +0100]:
> The only thing I can say is be *VERY* careful on a busy Linux box. 
> iptables sucks. It's sequential, meaning every entry in a list has to be 
> processed.

This is not the case. You can branch iptables rulesets to arbitrary
complexity. In fact, I often wanted Firewall-1 to have a similar
feature. Firewall-1 scales pretty damn well (4 Gbps throughput,
stateful), but in my experience, iptables can handle way more.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
 
"money is the crowbar of power."
                                                 - friedrich nietzsche
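
The branching the reply describes, as an added example that is not part of the original message: only new SSH connections jump into a user-defined chain, so all other traffic evaluates two INPUT rules and never touches the rate-limit rules. The chain name SSH_BRUTE, the list name ssh, port 22 and the 4-per-60-seconds threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed): print an iptables-restore ruleset in which the
# SSH brute-force checks live in their own chain, reached by a single jump.
# Hypothetical names and defaults: chain SSH_BRUTE, recent list "ssh",
# port 22, at most 4 new connections per source address in 60 seconds.
ssh_branch_rules() {
    port="${1:-22}"
    hits="${2:-4}"
    secs="${3:-60}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_BRUTE - [0:0]
# Packets of established connections leave INPUT at the first rule.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Branch: only new connections to the SSH port enter SSH_BRUTE.
-A INPUT -p tcp --dport ${port} -m state --state NEW -j SSH_BRUTE
# Source already made ${hits} new connections within ${secs}s: drop this one.
-A SSH_BRUTE -m recent --name ssh --update --seconds ${secs} --hitcount ${hits} -j DROP
# Otherwise record this attempt and let it through.
-A SSH_BRUTE -m recent --name ssh --set
-A SSH_BRUTE -j ACCEPT
COMMIT
EOF
}

# Print the ruleset. To syntax-check it without loading it (needs root):
#   ssh_branch_rules | iptables-restore --test
ssh_branch_rules
```

Loading this with iptables-restore replaces the whole filter table unless --noflush is given, so merge the SSH_BRUTE chain and its jump into an existing ruleset rather than loading it as is.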
