Re: [Efw-user] compared bandwidth efw/ipcop

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

NightLord wrote:

> NightLord a Ã©crit :
>> Hi everyone... This i s a bit strange... last time i was questionning
>> about snort, and today i'm questionning myself about efw... I've
>> re-installed ipcop on my hardware and found that i was able to download
>> at full speed (ie 1.6 MB -> 12.Mbits/s)... I switched bak to ipcop
>> 2.2rc3 and found my max download were back to /_200/250 MB_/ (kB to be
>> read !)... What can be so greedy for efw so he cannot go for more than
>> this download rate... what can set a limit ? the conf is the same on the
>> 2 installation (no proxy, no out firewalling, 1 orange and a couple of
>> port forwarding)
>>   
> I came back to ipcop and here we are, again 1.6 MB compared to 250 KB
> (and not MB as written above... my mistake ! i wish i have a 250 MB band
> :-) )
> 
> The hardware has not changed, the services are the same.... i don't need
> content filtering so i think i'll stick to ipcop for the moment, but i'd
> like to understand what's the problem (if problem it is)
> 
> StÃ©phane
> 
> 

I'm not sure if most users here understand that EFW was a fork from IPCop 
about 15 IPCop updates ago in the 1.4 branch. A lot of addons that are made 
for IPCop by various addon writers are already a part of EFW. I always 
thought that many who load down IPCop with a dozen addons should try EFW. I 
prefer IPCop for my needs and it is the basis of my Raqcop project which is 
IPCop made to run on Cobalt hardware. Any filtering that is added to a 
firewall/router will cause the cpu and memory requirements to grow 
drastically if they are used. In either case, Snort in addition to giving 
numerous false positives due to bogus rules that will be superseded on the 
next rules update with new rules of which many will turn out to be bogus, 
you lose about 100MB of ram for each monitored interface. Most experienced 
users only enable on green, your log summary is far more useful to see 
unsolicited attempts, the ones that show on red and have dest none, that 
means they were dropped and the firewall did it's job. Probably the one 
thing I can say for sure is that you can never have too much ram.