Re: iptables performance and alternatives

On Thu, 2008-05-15 at 13:18 +0200, Jan Engelhardt wrote:
> On Thursday 2008-05-15 12:57, Anton wrote:
> 
> >Definitely what my test shows - while rule-inserts - if you 
> >try to insert 10000 rules - after several hundred - it 
> >will be inserting like 1 rule in 1 second and slowness 
> >will progress :)
> 
> Your insertion slowness is probably due to incorrect use of iptables.

What do you mean by that? Isn't it a fact that the iptables command
utility, and to a lesser extent also iptables-restore, is pretty slow in
updating the ruleset when you have a large number of rules, simply
because it copies the entire ruleset to userspace, modifies it there,
and then copies the resulting ruleset back to the kernel?

Curious...
    
    Thomas

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
