Good evening list,

Am I wrong in presuming that the last few years' worth of Atoms and gigabit NICs will do? I would have presumed by now that netfilter is long able to even use cheap gigabit NICs and CPUs and achieve at least 1 GigE on two NICs simultaneously?

I need to:

- run a firewall and router (maybe some 20-40 nftables or iptables rules MAX)
- minimal QoS—reasonable fairness, that's it
- switch 6-7 interfaces maybe on the same LAN or two (some tagged VLAN) with little LAN-LAN traffic using a bridge netdev², not tc actions³ nor a vlan netdev⁴.
- Little logging
- No web UI, no other daemons but dnsmasq and sshd (and journald, smart…, etc., but none facing the net). No Snort, no IPsec termination, no routing protocols, nothing otherwise but the kernel the overwhelming majority of the time unless I decide to export stats to another server, for monitoring, or directly to GCP via fluentd¹.

Just a plain Linux distro, ip route or systemd-networkd, and iptables/nftables.

I've had great CPUs these last 12 years, starting with a first gen i7, so I don't have a sense of the power of anything lower cost, or netfilter's performance under that.

So far, I see either short 1U rackmounts at 500-700, or i3s at 1200+. The only other things I've run have been 12-year-old Atoms, or worse, 400 MHz Geode LXes (i586, a Soekris net5501), and that thing could barely do 100 Mbits reliably without the box crashing anyway for some other, still-unknown, reason.

Thanks.

Regards,
Alex Pilon

¹: https://github.com/GoogleCloudPlatform/fluent-plugin-google-cloud
²: bridge(8)
³: tc-vlan(8)
⁴: ip-link(8), type vlan