There are various bits of performance tuning you can do to get the most out of your firewall. As it is fundamentally a network device, network tuning is the main focus. The 2.4 kernel used in the current IPCop is pretty good at auto-configuring the network, but if you have memory to spare and a high-bandwidth upstream connection, or if you use gigabit locally, you can get some performance increase using the changes below.

Network Tuning Quick Fix

For Gigabit networks with 1 GB of RAM

Append to /etc/sysctl.conf

net/core/rmem_max = 8738000
net/core/wmem_max = 6553600
net/ipv4/tcp_rmem = 8192 873800 8738000
net/ipv4/tcp_wmem = 4096 655360 6553600

Then run

sysctl -p

Then edit /etc/rc.firewall.local and add

ifconfig <interface> txqueuelen 2000

for each available interface. If you see large numbers of collisions on any interface after this change, reduce the txqueuelen by 50% and check again. Repeat (taking it to 500) if needed.

For 100Mbit networks or with memory constraints

Append to /etc/sysctl.conf

net/core/rmem_max = 873800
net/core/wmem_max = 655360
net/ipv4/tcp_rmem = 8192 87380 873800
net/ipv4/tcp_wmem = 4096 65536 655360

Then run

sysctl -p

Then edit /etc/rc.firewall.local and add

ifconfig <interface> txqueuelen 1000

for each available interface. See notes above re: collisions.
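
The collision check described for both profiles can be scripted. This is an added example, not part of the original page or of IPCop. It reads counters in /proc/net/dev layout and suggests the next txqueuelen. The 1% threshold for "large numbers of collisions", the function names and the sample counters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: suggest the next txqueuelen.
# ASSUMPTION: "large numbers of collisions" = more than 1% of transmitted packets.
COLL_PCT_LIMIT=1
TXQ_FLOOR=500   # the page stops halving at 500

# Constructed sample in /proc/net/dev layout (not real measurements).
# eth1 has no space after the colon, a layout seen when the byte counter is wide.
SAMPLE_PROC_NET_DEV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0: 5000000   40000    0    0    0     0          0         0  9000000   50000    0    0    0   120       0          0
  eth1:987654321  800000    0    0    0     0          0         0 123456789  200000    0    0    0  9000       0          0'

# Print "tx_packets collisions" for interface $1 from /proc/net/dev text on stdin.
tx_stats() {
    sed 's/:/ /' | awk -v ifc="$1" '$1 == ifc { print $11, $15 }'
}

# True when collisions ($2) exceed COLL_PCT_LIMIT percent of TX packets ($1).
collisions_high() {
    [ "$1" -gt 0 ] && [ $(( $2 * 100 )) -gt $(( $1 * COLL_PCT_LIMIT )) ]
}

# Halve the queue length as the page describes, never going below TXQ_FLOOR.
next_txqueuelen() {
    half=$(( $1 / 2 ))
    if [ "$half" -lt "$TXQ_FLOOR" ]; then echo "$TXQ_FLOOR"; else echo "$half"; fi
}

# Suggest a txqueuelen for interface $1, currently set to $2; stats text on stdin.
suggest_txqueuelen() {
    stats=$(tx_stats "$1")
    [ -n "$stats" ] || { echo "$2"; return; }   # unknown interface: leave as is
    if collisions_high "${stats% *}" "${stats#* }"; then
        next_txqueuelen "$2"
    else
        echo "$2"
    fi
}

# On the firewall itself: suggest_txqueuelen eth0 2000 < /proc/net/dev
printf '%s\n' "$SAMPLE_PROC_NET_DEV" | suggest_txqueuelen eth1 2000
```

The counters in /proc/net/dev are cumulative since boot, so compare readings taken after the txqueuelen change rather than the lifetime totals.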