It´s true, that you can use a 486 for Firewall, but a prefer to a P-II or AMD K6-2 as minium requieremnt for 1 Mbit. The problem ist not the traffic, but the syslog. We have serveral costumers, who are connected with 2 mbit. If someone portscan your system or tries an dos-attack, increased your system load dramaticly and the traffic stops :(
Nah... The syslog.conf manpage states that if a logfile is preceded with a "-" (like in *.* -/var/log/allmessages ), then the syslogd will not call fsync() after a write() to this file. By consequence, the load will remain small. Generally, it's a good idea to fsync() all logfiles especially if something really urgent has been logged (like a failing disk). Typically, such logs are from the kernel, which leads to believe that all kernel logs should be synced at once. Unfortunately, firewall messages are kernel logs as well, and then you have to change the perspective. If your syslogd takes to much time to sync the data to disk, the kernel messages ringbuffer (/proc/kmsg) might overflow and some messages might geht lost. Roman.