[unisog] IPTables as high bandwidth firewall

Michael Holstein michael.holstein at csuohio.edu
Mon Aug 1 14:17:56 GMT 2005


> Have any members on this list had any experience using a linux host with 
> iptables as a firewall handling and filtering high volume traffic. I am 

This is where the maxim "just because it *can* be done, doesn't mean it 
should be done" applies.

With the right hardware (PCI-X or faster) interfaces and enough 
horsepower behind it, it's possible -- but it's far easier (and far more 
reliable) to just buy a purpose-built hardware firewall (eg: PIX).

Sure, you could implement failover and all the same features in a Linux 
box, but by that time, you've created something so complex it can't be 
easily administered (sure, *you* know how it's set up .. what happens 
when you win the lottery and the next guy/gal has to troubleshoot?)

(My $0.02)

Michael Holstein CISSP GCIA
Cleveland State University

