> Hi
>
> I wouldn't care about the performance in the first place -
> finally, you want to have a secure gateway to an insecure network.
>
> Normally, the performance is not an issue:
>
> 1) Your typical connection to the internet is a lot slower than
> a moderate linux box with a huge amount of rules (in my
> experience, this is true in real world examples a least up to
> networks of 1 Mb/s [depending on the machine and the effective
> rule set]).
> 2) Not having all the needed rules, you're in danger of getting
> hacked. If your network gets hacked, than you're a lot slower
> while rebuilding the hacked infrastructure :-(
>
> Just my 2 cents...
3) Output rules are perfomance waste in the most of the cases...
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
This archive was generated by hypermail 2b29 : Fri Jan 07 2000 - 21:00:11 EST