nf-HiPAC progress? 6 months later
11 Mar 2008

6 months ago, I asked the netfilter-devel mailing list about the status of nf-HiPAC in netfilter. Because of the upcoming netfilter workshop at that time, the question was postponed.
During the workshop, nf-HiPAC was discussed and it was concluded that nf-HiPAC would be integrated into mainstream netfilter.
However, after 6 months, the HIPAC website remains unchanged.
So, now what? My current firewalls are dangerously outdated and I feel the pressing need to upgrade and review my current setup. At this moment, I'm not very confident in the future of nf-HiPAC and because netfilter by itself cannot pull the load (hence why nf-HiPAC exists), I'm forced to consider less pleasant alternatives.
One possibility is to order my firewall rules for optimal performance. This means I need to review all the rules in the firewall (13000 as of this moment) and clean them up. Of course this can't hurt, but it's not a motivating prospect and I really have better things to do.
Another option would be to split the rules over several netfilter firewalls, which means setting up more hardware and making the network setup more complex. Again, not something to look forward to.
A last option I envision right now is to consider commercial firewalls. Those cost a ton of money and are less flexible than I would want. I don't even want to think about the crappy interfaces (GUI, web) that such things are usually accompanied by.