Re: IPTABLES

From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 09/10/03


Date: Wed, 10 Sep 2003 08:32:33 -0700

In article <3e35fde0.0309100053.7fa2655c@posting.google.com>,
  emgrc wrote:
> My question is how does the iptables engine read the rules? Will I
> gain anything in terms of performance if I define every single host
> directly in the rule?

Good question. I'm not sure. Netfilter has a mailing list where you
might get an informed answer. I can tell you from a user's perspective
that complex iptables rules run quite well on even very poor hardware,
with no noticeable impact on CPU usage. My previous personal firewall
box was a 386 with 8MB RAM, which consistently showed load averages
under 0.1.

I recently crashed a firewall machine with a root oops, recursively
respawning a daemon. None of the running services were able to respond
to incoming connections, yet the existing iptables rules were still
doing their jobs with no slowdown.

-- 
  /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
  or put "not-spam" or "/dev/rob0" in Subject header to reply

