Hi,

On Wed, Oct 20, 2004 at 08:54:29AM +0200, Christoph Haas wrote:
> On Tue, Oct 19, 2004 at 06:42:23PM +0200, Martin G.H. Minkler wrote:
> > Just out of curiosity - which is faster (what kind of data structure does
> > iptables use)?
> >
> > a) iptables -A <chain> <rule>
> > b) iptables -I <chain> 1 <rule>
> >
> > Maybe this is rather a kernelspace question and should be directed to
> > that mailing list?
>
> I attended a speech of one of the netfilter programmers at the LinuxTag
> last year. He said that what makes the shell command "iptables" slow
> is that the whole rules table is copied out of the kernel space, a rule
> gets added and the whole rules table is written back. They plan to
> change that in the future so that iptables can directly change the
> kernel space.

Another speedup can be achieved by using iptables-restore and creating
its input file with the script.

Ciao
-- 
Rainer Nagel                                  Rainer.Nagel@freenet-rz.de
freenet.de AG                                 Tel.: +49 211 53087 423
WillstätterStr. 13, D-40549 Düsseldorf        Fax.: +49 211 53087 500
Executive Board: Eckhard Spoerr (Chair), Axel Krieger
Amtsgericht Hamburg, HRB 74048
Chairman of the Supervisory Board: Prof. Dr. Helmut Thoma
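
The iptables-restore approach mentioned in the reply above, as an added example that is not part of the original mail: a script writes all rules for one chain into a single restore file, which is then loaded with one commit instead of one iptables call per rule. The chain name BLOCKLIST, the helper function names and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original mail). BLOCKLIST and the sample
# addresses are constructed for illustration.

# Write an iptables-restore input for one user-defined chain to stdout.
# stdin: one IPv4 address or CIDR per line; blanks and '#' comments skipped.
gen_restore_input() {
    chain=$1
    printf '%s\n' '*filter'
    printf ':%s - [0:0]\n' "$chain"
    while IFS= read -r addr || [ -n "$addr" ]; do
        case $addr in
            ''|'#'*)
                continue ;;
            *[!0-9./]*)
                # Coarse check: refuse anything that could smuggle extra
                # rule text into the generated file.
                printf 'skipping invalid entry: %s\n' "$addr" >&2
                continue ;;
        esac
        printf '%s\n' "-A $chain -s $addr -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Parse the file without committing, then load it with a single commit.
# --noflush keeps the rules already present in the table's other chains.
load_rules() {
    iptables-restore --test --noflush < "$1" &&
    iptables-restore --noflush < "$1"
}

# Constructed sample input (documentation address ranges); the last
# entry is deliberately malformed and must be rejected.
sample_addrs() {
    cat <<'EOF'
# known-bad sources
192.0.2.10
198.51.100.0/24

203.0.113.7; -j ACCEPT
EOF
}

# Usage (as root):
#   sample_addrs | gen_restore_input BLOCKLIST > /tmp/blocklist.rules
#   load_rules /tmp/blocklist.rules
```

The generated chain still has to be referenced from INPUT (or another built-in chain) before its rules see any traffic.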