From: David W S. <avi...@ai...> - 2009-01-22 08:20:59
|
NightLord wrote: > NightLord a écrit : >> Hi everyone... This i s a bit strange... last time i was questionning >> about snort, and today i'm questionning myself about efw... I've >> re-installed ipcop on my hardware and found that i was able to download >> at full speed (ie 1.6 MB -> 12.Mbits/s)... I switched bak to ipcop >> 2.2rc3 and found my max download were back to /_200/250 MB_/ (kB to be >> read !)... What can be so greedy for efw so he cannot go for more than >> this download rate... what can set a limit ? the conf is the same on the >> 2 installation (no proxy, no out firewalling, 1 orange and a couple of >> port forwarding) >> > I came back to ipcop and here we are, again 1.6 MB compared to 250 KB > (and not MB as written above... my mistake ! i wish i have a 250 MB band > :-) ) > > The hardware has not changed, the services are the same.... i don't need > content filtering so i think i'll stick to ipcop for the moment, but i'd > like to understand what's the problem (if problem it is) > > Stéphane > > I'm not sure if most users here understand that EFW was a fork from IPCop about 15 IPCop updates ago in the 1.4 branch. A lot of addons that are made for IPCop by various addon writers are already a part of EFW. I always thought that many who load down IPCop with a dozen addons should try EFW. I prefer IPCop for my needs and it is the basis of my Raqcop project which is IPCop made to run on Cobalt hardware. Any filtering that is added to a firewall/router will cause the cpu and memory requirements to grow drastically if they are used. In either case, Snort in addition to giving numerous false positives due to bogus rules that will be superseded on the next rules update with new rules of which many will turn out to be bogus, you lose about 100MB of ram for each monitored interface. Most experienced users only enable on green, your log summary is far more useful to see unsolicited attempts, the ones that show on red and have dest none, that means they were dropped and the firewall did it's job. Probably the one thing I can say for sure is that you can never have too much ram. |