Hello, I hear that when I use connection trakcing in iptables, the overhead of the system is high. Because, the system maintains the more memory tables about all the connections. right? So, some commecial firewall company based on linux, don't use Sateful Inspection function in their product.
I have some questions about this. 1. Is it true that SI(Sateful Inspection) use so much memory and the function is useless in the point of performance? 2. If this is true, is it possible that for example, telnet , pop, smtp service use SI function and ftp-data, streaming which require so much data, not use SI function? 3. At firewall system, which is better that use module or put the kernel statically? ie, ip_tables, iptable_filter .. 4. Have you ever heard about gigabit firewall based on linux iptabels? When I use gigabit firewall, what more configuration is required in iptables? (Gigabit Ethernet and so fast CPU and more?) Thanks in advance. _________________________________________________________________ MSN Explorer�� ������ Hotmail ����� �ξ� ������ ���ϴ�. ���� http://explorer.msn.co.kr/ ���� ����� �ٿ�ε��ϼ���.
