>What is the packet filtering overhead for a router?
I've heard people mention that access lists impose a significant overhead;
the box is so much faster than 56Kbps or T1 speeds that it doesn't matter.
>My colleague was not convinced, and feels that the filtering
>overhead alone slows up a router so much that a dual-homed gateway
>is thus the better firewall.
Either way, something has to look at packets to enforce a security policy
and endure some overhead.
Some don't like to put all their eggs in one basket and use both a router
and a gateway. Most security schemes (banks, military facilities,...) use
a layered approach.