Iptables vs. Cisco PIX

John A. Sullivan III jsullivan at opensourcedevel.com
Fri Apr 8 20:59:11 CEST 2005

On Fri, 2005-04-08 at 13:28 -0400, Jiann-Ming Su wrote:
> On Apr 8, 2005 11:05 AM, Alejandro Cabrera Obed <sisdis at tournet.com.ar> wrote:
> We have a quad PIII Dell PowerEdge 6450 running iptables protecting
> the residence halls on a college campus.  It gets syn flooded
> constantly, handles 90k peak connections, load average of 1.0, all on
> 1GB of RAM.  The only shortcoming of iptables is the lack of distributed
> management and lack of a high availability solution.  Distributed
> management is only a problem if you're managing more than several
> firewalls.  And, lack of HA makes it harder to deploy iptables fully
> on the enterprise.
Distributed management for iptables (and other firewalls) is exactly the
goal of the ISCS project (http://iscs.sourceforge.net).  The project
provides a more efficient administration tool than the most expensive
management frameworks like Solsoft, SmartPipes or Provider1 and is
entirely open source.

As my hours available for the project have reduced dramatically over the
last eight months, we (the seven other volunteers plus myself) could use
as much help as anyone can give.  If you are in need of distributed
management capability for iptables (as well as *swan, kernel IPSec,
iproute2, network level user authentication and some PKI management) or
have an academic interest and some time available, please contact me via
e-mail or phone.  Thanks - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

Financially sustainable open source development
