18 Jan 2007, 5:04 a.m.
On Fri, 19 Jan 2007 at 12:31:27 +1300, Jasper Bryant-Greene wrote:
> Anybody encountered anything similar? Is it likely to simply be related to the number of rules?
I reduced the CPU usage on our iptables-based firewalls by a large proportion by making sure there were rules allowing ESTABLISHED and RELATED connections through relatively early in the rule set for each table. This is on a set of some 2000 rules. If every packet has to traverse a large rule set you will see reduced performance.

Regards,
Nigel
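One way to check the rule placement described in the reply above, as an added example that is not part of the original message: it reads `iptables-save` output and reports chains where the first ESTABLISHED accept rule is missing or sits later than a chosen position. The function names, the sample ruleset and the threshold are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (addresses are documentation ranges).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 192.0.2.11/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 198.51.100.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the 1-based position, within CHAIN of the filter table, of the first
# rule that accepts ESTABLISHED traffic; print 0 if the chain has none.
established_position() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == "-A" && $2 == chain {
            n++
            if (!pos && /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && /-j ACCEPT/)
                pos = n
        }
        END { print pos + 0 }'
}

# Read a dump on stdin; return 1 if INPUT or FORWARD lacks the rule or has it
# later than position MAX ($1, an arbitrary threshold chosen by the caller).
check_ruleset() {
    max="$1"; dump=$(cat); rc=0
    for chain in INPUT FORWARD; do
        pos=$(printf '%s\n' "$dump" | established_position "$chain")
        if [ "$pos" -eq 0 ] || [ "$pos" -gt "$max" ]; then
            echo "$chain: ESTABLISHED accept rule at position $pos (0 = none), want <= $max"
            rc=1
        fi
    done
    return "$rc"
}

sample_rules | check_ruleset 2 || echo "move the flagged rules earlier"
```

On a live firewall the same check can be fed with `iptables-save | check_ruleset 3`; in the sample, FORWARD is flagged because three per-host rules are evaluated before the ESTABLISHED match.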