On 01/02/2011 06:16 AM, Thomas Woerner wrote: > On 12/27/2010 08:42 PM, Casey Dahlin wrote: >>> Can I ask a stupid question? Does dbus have the kind of performance >>> necessary to support this type of application? >>> >> >> What kind of performance do you think is necessary? Its just a >> configuration interface, its not like its pushing all your packets >> through dbus or asking the bus every time it needs to make a routing >> decision (or did I miss something? I'd certainly hope not). >> >> --CJD > > There will be an optional firewall mode, where you can define firewall > features, the user will be asked about, but this will be limited to new > connection attempts and not all packets in an established connection. > I have no idea how you're implenting this - but if you're using iptables to change the rules the performance can be truly awful when you have more than a few rules. (I have a lot of rules on our primary border firewall). I switched to iptables-restore and got 2 orders of magnitude speedup (yes that is indeed over 100 times faster!!) - something to consider. gene/ -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
