[Gllug] iptables with 1000s of IP addresses

[James Hawtin]

> 3) At least at that time, Linux was more capable than Cisco or any of
> the other big network vendors when it comes to massive rulesets - before
> I joined, the company had tried to do the job on some decent firewall
> kit and found serious performance problems. 

No suppring really, a PIX 515E is infact a PII, and a ASA is P4 prescott I
believe (switches don't even come close in speed), modern computers have far 
faster CPUs, what your paying for is the hardened OS, someone to shout
at when you have a problem, and a pool of contracters out there who will
understand the configuration of it, rather than a custom solution.

James 
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug