On tor, 2008-05-15 at 11:34 +0200, Eric Leblond wrote: > On Thursday, 2008 May 15 at 14:21:23 +0500, Anton wrote: > > Regarding the performance of the lookup of the iptables > > rules for match inside the kernel, is there any plans to > > improve the behaviour or no plans in this area yet? > > Nf hipac is an alternative: http://www.hipac.org/ Unfortunately a somewhat dead one as MARA Systems after all has selected to develop this privately in future, so it's quite unlikely NF-HiPAC will see any significant updates unless someone else picks up the project. Also it's insert performance is not the best in all cases (depends on the structure of your ruleset and what kind of rule you insert). But lookup speeds is always great. Regards Henrik -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
