In your message of Wed, 01 Jun 1994 17:30:06 BST, you say:
>The Livingston IRX routers do very well on filter design;
>you can block based on source or destination port, for all
>or a specified block of hosts, for all traffic, or by
>protocol (TCP/UDP/ICMP).
>
>Disadvantages include a maximum of 4 ports on existing models
>(2-T1 and 2-56k) and a noticable slowdown as the rules sets
>get more complex. There's a AMD 486-40 on the board but
>they're apparently only running at 25 MHz, and the filter
>rules seem to eat up CPU. Livingston is making sounds like
>this will be improved on the next model.
Yep, the filtering is excellent. However, the rules are evaluated
from the top down, so the most frequently used rules can be
prioritised (eg. allow TCP packets from established
connections); would this fix the "noticable slowdown"?
Unfortunately though, they apparently have no plans to add
ICMP protocol-based filtering. Give them a ring if you've got
one of their routers, and tell them to add it.
--
Justin Mason I do not speak for Iona.
<jmason @
iona .
ie>, with a hyplan at: http://www.iona.ie/www/hyplan/jmason.html
Follow-Ups:
References:
|
|
