Re: IPTABLES

From: Mike (foor_at_bar.com)
Date: 09/10/03

• Next message: s.j.cliffordSPAM_at_MAPSucl.ac.uk.invalid: "Re: Files gradually disappearing"
• Previous message: Leura: "Re: Files gradually disappearing"
• In reply to: emgrc: "IPTABLES"
• Next in thread: /dev/rob0: "Re: IPTABLES"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 10 Sep 2003 12:01:08 GMT

eduardo.campos@siemens.com (emgrc) wrote in
news:3e35fde0.0309100053.7fa2655c@posting.google.com:

> My question is how does the iptables engine reads the rules? Will i
> gain anything in terms of performance if i define every single host
> directly in the rule?
>

Rules (except default policy) are created sequentially in the same order as
they're in the script, so probably you already did something to enhance
performance creating a group.
Fine detail is OK if you need to specify different rules for different
hosts.
Take care to allow everything that has to be allowed as close as possible
to the beginning of the script. This is really the only "tweak" for
performance (except if you plan to do fancy stuff like QoS ;-)
Cheers,

-- 
Nekromancer
"El nivel de conocimientos adquiridos es
inversamente proporcional a la temperatura del cafe"

---

• Next message: s.j.cliffordSPAM_at_MAPSucl.ac.uk.invalid: "Re: Files gradually disappearing"
• Previous message: Leura: "Re: Files gradually disappearing"
• In reply to: emgrc: "IPTABLES"
• Next in thread: /dev/rob0: "Re: IPTABLES"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)