Using several rules in iptables can massively slow down a server. You may think of nonsense like 30-40 rules, but I experienced such behaviour with just 8 rules on a decent machine. I don't know whether this changed nowadays, but since then we're using OpenBSD for such critical tasks :-)
By the way, something in favour of OpenBSD:
Quote:
The folks at undeadly.org have started posting “how I discovered OpenBSD” stories. This isn’t a story of how I discovered OpenBSD, but rather why I like it. Before you ask, I don’t have similar stories about any other operating system, not even any other BSDs. I was guided to FreeBSD in 1995, and I discovered NetBSD on my own shortly after. (An earlier version of this was previously published in a small promo pamphlet handed out at a tech conference years ago.)
http://blather.michaelwlucas.com/?p=605
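The mechanism behind the slowdown the poster describes is that a netfilter chain is walked top to bottom and the first matching rule ends the walk, so every packet that matches late (or not at all) pays for every rule above it. The following toy simulation is an added example and is not code from the forum post or from the iptables project; the rule set, the packet mix, and the cost model (one unit per rule comparison, a jump rule counted like any other rule, a sub-chain that falls off returning to its parent) are all constructed for the illustration. It compares one flat INPUT chain against the same rules split into per-protocol sub-chains and checks that both layouts give identical verdicts.

```python
"""Toy model of sequential first-match rule traversal (constructed example).

Assumptions (not taken from the post):
- a chain is evaluated top to bottom; the first matching rule decides;
- cost = number of rule comparisons, a jump rule costs one comparison;
- falling off a sub-chain RETURNs to the parent, which keeps evaluating.
"""
from collections import namedtuple

Rule = namedtuple("Rule", "proto dport action")      # dport None = any port
Packet = namedtuple("Packet", "proto dport")

# Constructed rule set in the order an admin might have typed it.
RULES = [
    Rule("tcp", 22, "ACCEPT"),
    Rule("tcp", 80, "ACCEPT"),
    Rule("tcp", 443, "ACCEPT"),
    Rule("tcp", 25, "ACCEPT"),
    Rule("tcp", 3306, "DROP"),
    Rule("udp", 53, "ACCEPT"),
    Rule("udp", 123, "ACCEPT"),
    Rule("icmp", None, "ACCEPT"),
]

# Constructed traffic sample: DNS-heavy, some ICMP, a little HTTPS, one stray UDP probe.
PACKETS = ([Packet("udp", 53)] * 5 + [Packet("icmp", None)] * 3
           + [Packet("tcp", 443)] * 2 + [Packet("udp", 9999)])


def match(rule, pkt):
    """A rule matches when every specified field equals the packet's field."""
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def eval_flat(rules, pkt, policy="DROP"):
    """Walk one flat chain; return (verdict, comparisons performed)."""
    for i, rule in enumerate(rules, 1):
        if match(rule, pkt):
            return rule.action, i
    return policy, len(rules)            # no match: chain policy applies


def build_chains(rules):
    """Split a flat rule list into per-protocol sub-chains, keeping relative order."""
    chains = {}
    for rule in rules:
        chains.setdefault(rule.proto, []).append(rule)
    return chains


def eval_chained(chains, pkt, policy="DROP"):
    """Parent chain holds one '-p <proto> -j <proto>_chain' jump per protocol."""
    cost = 0
    for proto, sub in chains.items():
        cost += 1                        # the jump rule itself is compared
        if proto == pkt.proto:
            for rule in sub:
                cost += 1
                if match(rule, pkt):
                    return rule.action, cost
            # fell off the sub-chain: RETURN to the parent and continue
    return policy, cost


def compare(rules, packets, policy="DROP"):
    """Total comparison cost of both layouts and whether their verdicts agree."""
    chains = build_chains(rules)
    flat_cost = chained_cost = 0
    agree = True
    for pkt in packets:
        v_flat, c_flat = eval_flat(rules, pkt, policy)
        v_chain, c_chain = eval_chained(chains, pkt, policy)
        flat_cost += c_flat
        chained_cost += c_chain
        agree = agree and v_flat == v_chain
    return {"flat": flat_cost, "chained": chained_cost, "verdicts_agree": agree}


if __name__ == "__main__":
    print(compare(RULES, PACKETS))      # flat 68 vs chained 40 comparisons, verdicts agree
```

On a real box the equivalent measurement is the per-rule packet counters shown by `iptables -L -v -n`: rules with the largest counters that sit at the bottom of a long chain are the ones costing every packet the most comparisons, and moving them up or behind a protocol or port dispatch chain reduces the work per packet without changing what is accepted or dropped.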