iptables. 32 or 64?

Eric Shubert ejs at shubes.net
Mon Jul 23 11:41:55 MST 2012


On 07/22/2012 04:04 AM, kitepilot at kitepilot.com wrote:
> Hello World:
> I run my firewall on an LFS box.
> Everything on it is compiled from source.
> No bells and whistles, only the essential software is installed.
> The hardware is 64 bits but I've been running 32 bit OS.
> This time around I am wondering...
> The question is:
> Is there any advantage to compiling the whole iptables enchilada in 64
> bits?
> Should it be avoided?
> Please note that the 'normal' rules like 'more than 4GB and/or
> 32-bit-adobe' do not apply here, what I am looking for is whether
> filtering/marking will be faster/slower and (if known) why.
> Any ideas?
> Tnx
> ET

I trust Joseph's answers to just about everything, including this.

On a side note, I'd like to point out that having a compiler on a 
security device such as a firewall (or any Linux host for that matter) 
is a bit of a security risk, as some malware relies on being able to 
compile the code on the compromised host. So if your intention by using 
LFS is to make your firewall more secure, you might be coming up short 
if you're building the software on the firewall host itself. Personally, 
I use IPCop, which is (also) LFS based.

-- 
-Eric 'shubes'




