Re: [SLUG] Firewall latency

From: Eben King (eben1@tampabay.rr.com)
Date: Wed Jul 07 2004 - 18:35:47 EDT


On Wed, 7 Jul 2004, Ronan Heffernan wrote:

> * What kind of latency (expressed as ms?) and CPU load (expressed as, I
> dunno, %CPU on a 900MHz Xeon? or other suitable expression) is
> introduced by having IPTables examine packets?

I used ipchains (precursor to iptables) on a 486dx2/66 (residential cable
modem, two 10Mbps NICs), and it almost always had 0 load.

> Does the penalty scale (linearly? geometrically?) with the number of
> firewall rules?

Should be linear. That is, for each new rule, iptables evaluates only
that rule (n), not that and every previous rule (n^2) or that and
every other rule (e^n).

> Is the latency higher on 100Mbit than 10Mbit?

Depends on the traffic.

> How does the penalty scale-up in relation to load/traffic?

Should be linear.

> * Isn't Windows naturally more secure? (Sorry, that one is just
> flamebait tossed-in for entertainment value!)

humpf.

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar

rm -f /bin/laden
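As an added illustration of the linear first-match traversal discussed above (example code, not from the thread or from netfilter itself): a small Python model of a chain that counts how many rules a packet touches. The rules and packets are constructed; the point is that n rules cost at most n comparisons per packet, and that putting the rule most traffic hits first keeps the cost constant no matter how long the chain grows.

```python
from collections import namedtuple

# Constructed, minimal view of a filter rule and a packet.
Rule = namedtuple("Rule", "proto dport target")
Packet = namedtuple("Packet", "proto dport")


def first_match(chain, pkt, policy="DROP"):
    """Walk the chain netfilter-style: stop at the first rule that matches.

    Returns (verdict, rules_examined). A None field in a rule is a wildcard.
    """
    examined = 0
    for rule in chain:
        examined += 1
        proto_ok = rule.proto is None or rule.proto == pkt.proto
        port_ok = rule.dport is None or rule.dport == pkt.dport
        if proto_ok and port_ok:
            return rule.target, examined
    return policy, examined  # fell off the end: chain policy applies


def build_flat_chain(n_filler):
    """Constructed chain: n_filler non-matching DROP rules, then ACCEPT tcp/22."""
    filler = [Rule("tcp", 10000 + i, "DROP") for i in range(n_filler)]
    return filler + [Rule("tcp", 22, "ACCEPT")]


def build_ordered_chain(n_filler):
    """Same rules, but the rule the bulk of traffic hits is placed first."""
    return [Rule("tcp", 22, "ACCEPT")] + build_flat_chain(n_filler)[:-1]


def cost_by_chain_length(builder, counts, pkt):
    """Rules examined for one packet as the chain grows; linear for the flat
    chain, constant for the ordered one."""
    return {n: first_match(builder(n), pkt)[1] for n in counts}


if __name__ == "__main__":
    ssh = Packet("tcp", 22)
    print("flat   :", cost_by_chain_length(build_flat_chain, [10, 100, 1000], ssh))
    print("ordered:", cost_by_chain_length(build_ordered_chain, [10, 100, 1000], ssh))
```

Unmatched traffic always walks the whole chain, so a long flat chain costs the same for every packet that the default policy ends up dropping.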

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:13:14 EDT