Hi! Great question:
On Sun, Jul 22, 2012 at 4:04 AM, kitepi...@kitepilot.com <kitepi...@kitepilot.com> wrote:

> Hello World:
> I run my firewall on a LFS box.
>

You might also consider a hardened kernel with: http://grsecurity.net/

> Everything on it is compiled from source.
> No bells and whistles, only the essential software is installed.
> The hardware is 64 bits but I've been running 32 bit OS.
>

32-bit iptables doesn't work on a machine running amd64 kernel, when run it reports:

===
# iptables -L
iptables v1.2.11: can't initialize iptables table `filter': Module is wrong version
Perhaps iptables or your kernel needs to be upgraded

iptables has to be 64bit to talk to a 64bit kernel due to an alignment issue in the kernel structures for iptables. So you do need at least the 64bit iptables binary and associated libs.

This time around I am wondering...
> The question is:
> Is there any advantage to compiling the whole iptables enchilada in 64
> bits?
>

- 32 bit is faster than 64 bit
- 32 bit is well tested, 64 bit isn't tested at all
- 2039 is still a long way off

The only reasons to compile anything in 64bit architecture:

- It needs to access more than 4GB of memory. In the real world this only applies to huge databases.
- It needs to talk to the kernel directly. Some applications, like iptables, contain ugly hacks to support the 64 bit kernel/32 bit userland thing.
- It is a kernel.

For you to talk with your 64bit kernel, you need 64bit iptables!

> Should it be avoided?
> Please note that the 'normal' rules like 'more than 4GB and/or
> 32-bit-adobe' do not apply here, what I am looking for is whether
> filtering/marking will be faster/slower and (if known) why.
> Any ideas?
> Tnx
> ET
>

--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
<http://it-clowns.com>
Safeway.com Automation Engineer
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
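
Added example, not part of the original message: a shell check for the mismatch described in the reply above (a 32-bit iptables binary on a 64-bit kernel), done by comparing the binary's ELF class byte with the kernel's word size. The function names and the list of `uname -m` strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare a userland binary's ELF class with the kernel word size.
# Function names are hypothetical; nothing here comes from the iptables project.

# elf_bits FILE -> prints 32 or 64; returns 1 if FILE is not an ELF object.
elf_bits() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1
    # e_ident[EI_CLASS] is at byte offset 4: 1 = ELFCLASS32, 2 = ELFCLASS64
    class=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')
    case "$class" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) return 1 ;;
    esac
}

# kernel_bits MACHINE -> word size for a `uname -m` string.
# Assumption: only common machine names are listed.
kernel_bits() {
    case "$1" in
        x86_64|amd64|aarch64|ppc64|ppc64le|s390x|riscv64) echo 64 ;;
        i?86|armv6l|armv7l|ppc) echo 32 ;;
        *) return 1 ;;
    esac
}

# abi_check FILE [MACHINE] -> prints match, mismatch, not-elf or unknown-kernel.
# MACHINE defaults to the running kernel's `uname -m`.
abi_check() {
    bin=$(elf_bits "$1") || { echo "not-elf"; return 2; }
    kern=$(kernel_bits "${2:-$(uname -m)}") || { echo "unknown-kernel"; return 2; }
    if [ "$bin" = "$kern" ]; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# Stand-alone use: sh abi_check.sh "$(command -v iptables)"
[ $# -eq 0 ] || abi_check "$1"
```

A `mismatch` result for the iptables binary on an amd64 kernel corresponds to the "Module is wrong version" failure quoted in the reply.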