Subject: Overhead of stateful packet filtering
To: None <tech-net@NetBSD.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-net
Date: 08/20/2005 11:59:42
Hello,
I'm considering to reconfigure my firewall (NetBSD 3.0_BETA, PF) to use
stateful packet filtering. But I'm concerned about the overhead caused
by that. The machine is a SPARCstation LX with only a 50MHz MicroSPARC CPU
and 96MB of main memory.
Stateful packet filtering means that it has to keep track of every
connection routed through it. I therefore wonder how much CPU time
and memory PF needs for that per connection.
Kind regards
--
Matthias Scheler http://scheler.de/~matthias/