also sprach Michael Loftis <mloftis@modwest.com> [2006.03.12.2301 +0100]:
> Yes you can make arbitrarily deep jumps/chains, but any single
> list is still processed sequentially. One could probably
> implement scripting to produce a sort of binary tree on
> hashes/jumps to chains. Fact is it does not do long lists well at
> all because they are processed sequentially, unless this has
> changed for 2.6.
it has not. which other firewall software uses binary trees?
> I'd love to see a Linux box capable of 4Gbps throughput but
> somehow I really doubt this as being possible without a LOT more
> work, and some pretty trick hardware.
I have set up a bunch of boxes filtering 10Gbps links. On one, there
is a continuous >3.2 Gb. Mean is below 4 Gbps, but they have never
faltered.
however, my rulesets hardly exceed 20-30 lines except for the
various subchains which handle special cases.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
"the vast majority of our imports come from outside the country."
- george w. bush
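The "binary tree on hashes/jumps to chains" idea from the quoted text, as an added example that is not part of the original message or of netfilter itself: a generator that turns a flat list of source networks into nested chains, so a packet is compared against a handful of rules instead of the whole list. The chain naming, `LEAF_MAX`, the helper names and the 256 sample networks are assumptions made for the illustration, and the input networks are assumed not to overlap.

```python
import ipaddress

LEAF_MAX = 4  # assumption: a chain this short is cheap to scan linearly
ROOT = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample: 256 non-overlapping source networks to drop.
SAMPLE = [ipaddress.ip_network(f"10.0.{i}.0/24") for i in range(256)]

def chain_name(prefix):
    return f"SRC_{int(prefix.network_address):08X}_{prefix.prefixlen}"

def build(nets, chains, prefix=ROOT):
    """Fill chains{name: [(src, target)]} for non-overlapping nets; return the root chain."""
    while len(nets) > LEAF_MAX:
        lo, hi = prefix.subnets()              # split on the next address bit
        left = [n for n in nets if n.subnet_of(lo)]
        right = [n for n in nets if n.subnet_of(hi)]
        if left and right:
            break
        prefix = lo if left else hi            # this bit does not divide the set
    name = chain_name(prefix)
    if len(nets) <= LEAF_MAX:
        chains[name] = [(str(n), "DROP") for n in nets]
    else:                                      # one jump per half of the prefix
        chains[name] = [(str(half), build(part, chains, half))
                        for half, part in ((lo, left), (hi, right))]
    return name

def render(chains, root):
    """Emit the chains in iptables-restore syntax, entered from INPUT."""
    lines = ["*filter"] + [f":{c} - [0:0]" for c in chains]
    lines.append(f"-A INPUT -j {root}")
    for c, rules in chains.items():
        lines += [f"-A {c} -s {src} -j {tgt}" for src, tgt in rules]
    return "\n".join(lines + ["COMMIT"]) + "\n"

def cost(chains, name, addr):
    """Return (rules compared, verdict) for one source address."""
    ip, n = ipaddress.ip_address(addr), 0
    for src, target in chains[name]:
        n += 1
        if ip in ipaddress.ip_network(src):
            if target == "DROP":
                return n, "DROP"
            sub, verdict = cost(chains, target, addr)
            n += sub
            if verdict:
                return n, verdict
    return n, None
```

For the sample, a flat chain would compare up to 256 rules per packet, while the generated tree compares at most 16 for a dropped source and 2 for a source outside the covered prefix.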