Re: iptables -A or iptables -I?

To: debian-firewall@lists.debian.org
Subject: Re: iptables -A or iptables -I?
From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>
Date: Wed, 20 Oct 2004 13:03:27 +0200
Message-id: <[🔎] 417645FF.3070107@gmx.net>
Reply-to: ifpadmin@uni-bonn.de
In-reply-to: <[🔎] 20041020085800.GW1688@aran.roka.net>
References: <[🔎] 417543EF.4070105@gmx.net> <[🔎] 20041020065429.GA19136@workaround.org> <[🔎] 20041020085800.GW1688@aran.roka.net>


Alohá!

Rainer Nagel wrote:

Another speedup can be achieved by using iptables-restore and creating
its input file with the script.

Ever so true, that actually is the best solution when it comes to inputspeed - does of course not solve the dirtyness of that ruleset ;-)Anyway, to point every beginner and even the advanced to a really goodsource: I myself started pulling old printouts from the shelf to read upon the issue and once again I was amazed by the depth and quality ofhttp://iptables-tutorial.frozentux.net by Oskar Andreasson

That's also where I found the passage stating that when stuff is beinginserted, appended or altered the whole ruleset is being pulled out ofkernelspace, updated and reinserted. (Chapter 5 'Saving and restoringlarge rulesets, 5.1 'Speed considerations').




best regards

Martin

Reply to:

References:
- iptables -A or iptables -I?
  - From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>
- Re: iptables -A or iptables -I?
  - From: Christoph Haas <email@christoph-haas.de>
- Re: iptables -A or iptables -I?
  - From: Rainer Nagel <rainer.nagel@freenet-rz.de>

Prev by Date: Re: iptables -A or iptables -I?
Next by Date: iptables-save/restore with dynamic IP
Previous by thread: Re: iptables -A or iptables -I?
Next by thread: Re: Mail Delivery (failure jkhoo@macsense.com.au)
Index(es):
- Date
- Thread