Iptables initialization

Robert Connolly cendres at videotron.ca
Sat Feb 14 07:52:22 PST 2004


On February 13, 2004 03:57 pm, Archaic wrote:
> On Fri, Feb 13, 2004 at 12:08:40PM -0500, Bill's LFS Login wrote:
> > As a point of curiosity for me, I have been interested in learning some
> > of the aspects of the overhead associated with filtering (effectively)
> > for security purposes. Haven't done any research yet, but if you know of
> > some docs that address issues such as increased latency, propagation
> > delays, effects on overall throughput, I would be interested. Or if you
> > happen to gather these metrics during your rework, that would be useful.
>
> Can't give any quick links, just an anecdotal. I used a 486SX/33 with
> 4MB of ram on a cable connection with no noticeable degradation. I was
> still averaging 240Kbps before and after the firewall was put up. This
> was on a 256Kbps (theoretical) connection. Upload also chugged along
> around 120Kbps, same as before. Personally, I would have to see
> degradation to believe it since I've personally seen the lack thereof.

My pentium 90mhz, 32mb ram, can upload at about 600kbps, and route at the same 
speed. My 486dx4/100, 48mb ram, tops out around 300kbps. The 486 was DoS'd a 
couple years ago in an arp flood. It had about 8 minute reaction time to 
keystrokes. I'm not sure if the p90 would have held up better. Even if it did 
the bandwidth was saturated.




More information about the hlfs-dev mailing list