Considering that the vast majority of non-Cisco commercial firewalls are based on some version of IP Tables, I don't think that is where your problem is. You haven't provided much information: 1. What is your hardware? 2. What sort of speed are you aiming for? 3. Which Linux kernel are you using?
We currently have a pair of Linux iptables firewall boxes that are being replaced in a month's time with a pair of Cisco ASA firewalls.
Recently during testing we noticed that transfer rates through the Ciscos (attached to the same Cisco routers on the other side) are over 30x faster than through the iptables firewalls.
I know that iptables isn't hugely fast, there's a reason you pay for Ciscos etc etc, but the resources I have read usually indicate that iptables slowness is related to massive rulesets. We have 2415 rules, which I don't consider to be *that* many...
The boxes aren't heavily loaded (about 10% system, 90% idle), and have plenty of free memory. They aren't swapping. I've tested turning off logging, which had virtually no effect.
Anybody encountered anything similar? Is it likely to simply be related to the number of rules?
Cheers, Jasper
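The question is whether 2415 rules by themselves can explain the slowdown. Since iptables walks a chain linearly, what matters is how many rules a typical packet evaluates before it hits a terminal verdict, not the raw count. The script below, an added example that is not from this thread, parses `iptables-save` output (a constructed sample is embedded), computes the worst-case number of rules a packet can traverse on a chain including jumps into user-defined chains, and reports how far down FORWARD the first ESTABLISHED,RELATED accept sits, since a late or missing one forces every packet of an existing flow through the full walk.

```python
import re
from collections import defaultdict

# Constructed sample in iptables-save format (not the poster's ruleset).
SAMPLE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DMZ_IN - [0:0]
-A FORWARD -s 10.0.0.0/8 -d 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.0.2.0/24 -j DMZ_IN
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j LOG --log-prefix "fw-drop: "
-A DMZ_IN -p tcp --dport 80 -j ACCEPT
-A DMZ_IN -j RETURN
COMMIT
"""

def parse_save(text):
    """Return {table: {chain: [rule, ...]}} from iptables-save output."""
    tables, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):                 # table header, e.g. *filter
            table = line[1:].strip()
            tables[table] = defaultdict(list)
        elif line.startswith(":") and table:     # chain declaration
            tables[table].setdefault(line[1:].split()[0], [])
        elif line.startswith("-A ") and table:   # appended rule
            tables[table][line.split()[1]].append(line)
    return tables

def worst_case_depth(chains, chain, seen=()):
    """Rules evaluated if a packet matches nothing until the end of `chain`,
    descending into every user-defined chain it jumps to (cycle-safe)."""
    if chain in seen:
        return 0
    total = 0
    for rule in chains.get(chain, []):
        total += 1
        m = re.search(r"-j (\S+)", rule)
        if m and m.group(1) in chains:   # user-defined target, not a verdict
            total += worst_case_depth(chains, m.group(1), seen + (chain,))
    return total

def established_accept_position(chains, chain="FORWARD"):
    """1-based index of the first rule accepting established flows, or None;
    a high index means packets of existing connections walk most of the chain."""
    for i, rule in enumerate(chains.get(chain, []), 1):
        if re.search(r"--(?:ct)?state \S*ESTABLISHED", rule) and rule.endswith("-j ACCEPT"):
            return i
    return None
```

Feed it the real ruleset with `iptables-save` and compare the FORWARD depth against the hit counters from `iptables -L FORWARD -v -n` to see where traffic actually terminates.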