I just wanted to say thanks for a wonderful product, Tom (and everyone who is helping to support it through contributing to the lists, etc). I recently had to re-build my firewall system due to some stupidity of my own, and getting shorewall installed and reconfigured was wonderfully easy due to the simplicity of the product and the clear documentation. Thank you again, David Burrow
Hi Tom, yes, David is right. This product is really good and there is a perfect concept behind. Good work and thank you for spending this product to the community. Claus> I just wanted to say thanks for a wonderful product, Tom (and > everyone who is helping to support it through contributing to the > lists, etc). I recently had to re-build my firewall system due to > some stupidity of my own, and getting shorewall installed and > reconfigured was wonderfully easy due to the simplicity of the > product and the clear documentation. > > Thank you again, > > David Burrow
Greetings All. Shorewall has been a great experience for us, so far! We are using it in a three interface (net, loc, dmz) secnario. The dmz is configured using the proxyarp. The version of shorewall we are using is 1.4.8. The machine is a Celeron 2.4GHz with 128mb ram. Our question is directed towards the proxyarp and related sub-systems. Has anyone seen a point where the firewall performance drops off (or becomes noticeable) in relation to the number of IPs in the proxarp? Over time, hundreds of Ips could be added to the proxyarp. We have observed the route table on the firewall is getting longer with each addition of a new IP. Not sure if one day some practical/useful limit will be reached. [a] Any experience or ideas regarding this issue? [b] Any suggestions for improvement / precautions? [c] Anything else to watch out for? Thanks! Frank
I have a issue with may ips, I change the kernel 2.4 to 2.6.2, and now runs better I have 6000 ips in blacklist.... On Tue, 17 Feb 2004 09:22:29 -0600, Frank Osako wrote> Greetings All. > > Shorewall has been a great experience for us, so far! We are using > it in a three interface (net, loc, dmz) secnario. The dmz is > configured using the proxyarp. The version of shorewall we are using > is 1.4.8. The machine is a Celeron 2.4GHz with 128mb ram. > > Our question is directed towards the proxyarp and related sub- > systems. Has anyone seen a point where the firewall performance > drops off (or becomes noticeable) in relation to the number of IPs > in the proxarp? > > Over time, hundreds of Ips could be added to the proxyarp. We have observed > the route table on the firewall is getting longer with each addition > of a new IP. Not sure if one day some practical/useful limit will be > reached. > > [a] Any experience or ideas regarding this issue? > [b] Any suggestions for improvement / precautions? > [c] Anything else to watch out for? > > Thanks! > > Frank > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm FAQ:http://www.shorewall.net/FAQ.htm ======================================================================================RomerĂa de cerca, mucho vino y poca cera. =======================================================================================