
Re: FireHOL Question



On Friday 24 September 2004 07:42, Daniel Pittman wrote:
> On 22 Sep 2004, vizi0n wrote:
> > Thanks for the reply, but I managed to do it without any help! I really
> > like it when I get it all done by myself :)
> > I'm using DNAT and SNAT and it works like a charm :)
> >
> > The only thing is that FireHOL takes a looooooooong while to load while
> > booting or just when restarting the service, it takes a big 30 seconds to
> > 1 full minute to load. Any way to make it load quicker?
>
> Rewrite it in some language other than a huge bash shell script. :)
>
> Seriously, the biggest performance hit is that bash is enormously slow
> while it chews through the central loop and builds the iptables
> commands.
>
> Actually installing the firewall once it has compiled is very fast.
>
> Alternatively, rewrite it so that it can compile a stand-alone (or close
> to it) shell script that builds the firewall, and then use that to
> remove the need to "compile" it each time you start the script.
>
>
> ...besides, do you /really/ reboot your firewall that often?


What I did on my Debian FWs is to use firehol to set up the FW, but remove it
from the start init scripts. Once the FW is loaded and running I run
iptables-save > /var/lib/iptables/active and that's all, the init.d script
of iptables does the rest.

Best Regards


