Re: FireHOL Question
On 22 Sep 2004, vizi0n wrote:
> Thanks for the reply, but I managed to do it without any help! I really like
> it when I get it all done by myself :)
> I'm using DNAT and SNAT and it works like a charm :)
>
> The only thing is that FireHOL takes a looooooooong while to load while
> booting or just when restarting the service, it takes a big 30 seconds to 1
> full minute to load. Any way to make it load quicker?
Rewrite it in some language other than a huge bash shell script. :)
Seriously, the biggest performance hit is that bash is enormously slow
while it chews through the central loop and builds the iptables
commands.
Actually installing the firewall once it has compiled is very fast.
Alternatively, rewrite it so that it can compile a stand-alone (or close
to it) shell script that builds the firewall, and then use that to
remove the need to "compile" it each time you start the script.
...besides, do you /really/ reboot your firewall that often?
Daniel
--
It [Australia] has more things that will kill you than anywhere else.
Of the world's ten most poisonous snakes, all are Australian.
-- Bill Bryson, _In a Sunburned Country_
Reply to: