From: Michael Bellion and Thomas Heinz <nf@hipac.org>
To: Pekka Savola <pekkas@netcore.fi>
Cc: linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: [ANNOUNCE] nf-hipac v0.8 released
Date: Sat, 28 Jun 2003 22:04:42 +0200 [thread overview]
Message-ID: <3EFDF4DA.80201@hipac.org> (raw)
In-Reply-To: Pine.LNX.4.44.0306270900260.3068-100000@netcore.fi
Hi Pekka
You wrote:
> Looks interesting. Is there experience about this in bridging firewall
> scenarios? (With or without external patchset's like
> http://ebtables.sourceforge.net/)
Sorry for this answer being so late but we wanted to check whether
nf-hipac works with the ebtables patch first in order to give you
a definite answer. We tried on a sparc64 which was a bad decision
because the ebtables patch does not work on sparc64 systems.
We are going to test the stuff tomorrow on an i386 and tell you
the results afterwards.
In principle, nf-hipac should work properly whith the bridge patch.
We expect it to work just like iptables apart from the fact that
you cannot match on bridge ports. The iptables' in/out interface
match in 2.4 works the way that it matches if either in/out dev
_or_ in/out physdev. The nf-hipac in/out interface match matches
solely on in/out dev.
> Further, you mention the performance reasons for this approach. I would
> be very interested to see some figures.
We have done some performance tests with an older release of nf-hipac.
The results are available on http://www.hipac.org/
Apart from that Roberto Nibali did some preliminary testing on nf-hipac.
You can find his posting to linux-kernel here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=103358029605079&w=2
Since there are currently no performance tests available for the
new release we want to encourage people interested in firewall
performance evaluation to include nf-hipac in their tests.
Regards,
+-----------------------+----------------------+
| Michael Bellion | Thomas Heinz |
| <mbellion@hipac.org> | <creatix@hipac.org> |
+-----------------------+----------------------+
next prev parent reply other threads:[~2003-06-28 19:50 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-25 20:48 [ANNOUNCE] nf-hipac v0.8 released Michael Bellion and Thomas Heinz
2003-06-25 21:03 ` Folkert van Heusden
2003-06-25 23:52 ` Thomas Heinz
2003-06-26 13:38 ` Daniel Egger
2003-06-26 14:20 ` Michael Bellion and Thomas Heinz
2003-06-26 14:45 ` Daniel Egger
2003-06-27 6:06 ` Pekka Savola
2003-06-28 20:04 ` Michael Bellion and Thomas Heinz [this message]
2003-06-29 6:26 ` Pekka Savola
2003-06-29 7:45 ` Roberto Nibali
2003-06-29 16:26 ` Michael Bellion and Thomas Heinz
2003-07-02 5:30 ` Pekka Savola
2003-07-02 12:26 ` Michael Bellion and Thomas Heinz
2003-07-02 13:08 ` P
2003-07-02 13:48 ` Michael Bellion and Thomas Heinz
2003-07-02 14:23 ` P
2003-07-02 16:57 ` Michael Bellion and Thomas Heinz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3EFDF4DA.80201@hipac.org \
--to=nf@hipac.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=pekkas@netcore.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).