In reply to kevin lyda's flatulent wordings,
> On Tue, Jun 27, 2000 at 12:48:38AM +0100, Smelly Pooh wrote:
> > As I've mentioned before, this memory is much less than the memory that the
> > kernel needs for buffering each network connection, which also grows linearly
> > with the amount of connections being made. Have you ever seen the memory usage
> > of a stateful firewall? You talk the talk tough guy but I think it's about
> > your turn to come up with the benchmarks
>> actually i asked questions.
No you made statements for which I asked for benchmarks, I quote Kevin Lyda
"in order to save state you need to have a place to store it (which takes up
memory and theoretically grows linearly with the number of connections)"
both you and Paul seem to dwell on that point despite the fact that I've never
seen it being an issue (and I doubt that you have either), hence the request
> you had stated things as facts and provided
> a report that's over one year old to prove it. things change in that
> time - linux networking performance could have gotten worse even. i've
> read that 2.4pre kernels have worse disk performance.
My 1 year old report still reflects the current stable Linux kernel, which is
unlikely to change to that great an extent. What have you offered me in
defence of your argument? A college answer sheet with only the most tenuous
relationship to the topic at hand? Let me make an unfounded allegation here,
I dig into Paul, Kevin sees this, doesn't like it (you're a sound mate kev),
dilligently google searches on stateful packet firewalls, latches onto the
first document with anything at all bad to say about them, which turns out to
be aforementioned college sheet, he reads that it says that stateful packet
filters were complex to implement, especially with application level
filtering, latches onto that point on complexity and gives us a nice big
philosophical spiel about simplicity and slavery and leeches and diseases.
Such ego driven selective research hardly makes a convincing point.
I've also offered you the fact that Linux 2.4 will implement stateful
firewalls, I don't see any comments on that. A lot of firewalls are heading
that way, I've already mentioned firewall 1, ipfilter and ipfw. I believe
Netguard and Cisco firewalls have already done it aswell. Despite what grand
theories coding guru Lyda has to put forward about complexity, this is the
direction packet filters are moving in, I doubt that you don't see that.
> the reason i asked those questions is that i think it would be interesting
> to muck about on that level so i'd actually be interested in you
> responding with proof. however you seem more interested in insulting
> people then in providing anything of actual value. obviously continuing
> this thread with either you or the other redbrick people is pointless
> so i'll ask some other people. thanks for reducing my mail load.
I'm very selective about whom I insult, this week it just happens to be Unix
guru's who are too hardcore to accept that Linux mightn't be the be all and
end all of everything, next week I'll concentrate on immigrant Romanian
children washing my windows with tripe, private mail me if you're interested.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!