Hi Patrick,

The following patches add one target for arptables, one target and one match for iptables. They are useful to set up active/active setups both for gateways with connection tracking support and back-end servers.

[PATCH 1/3] netfilter: arptables: add mcmangle target
[PATCH 2/3] netfilter: xtables: add PKTTYPE target
[PATCH 3/3] netfilter: xtables: add cluster match

One node of my testbed in a primary/backup setup performs very simple stateful filtering and NAT of ~21000 TCP connections per second. By using these target/matches appropriately, my two firewall nodes (multi-primary setup) can filter traffic reaching up to ~30000 connections per second, which means a gain of ~40% more. I don't know yet the limit of this solution in terms of scalability as I also have two firewall nodes.

Please, let me know if this approach is ready for merge to the 2.6.30 tree ;).

--
"Honest people are social misfits" -- Les Luthiers