On Thu, 2004-09-16 at 10:10, Alaadin wrote:
> Hello,
>
> how many iptables rules can I add?
> I added already 40
> if I added until 100 or 500 rules
> would this make problems?
> would this make the system lag?
> would this make the system hang?
> how many iptables rules can I add? or it's unlimited?

You can add many more than 500! For the complex security we manage on
the ISCS project (http://iscs.sourceforge.net), we frequently encounter
rule sets many times this size. As your rule set grows, you will want
to pay attention to two particular needs:

1) Optimize the traversal of your rule sets by using user-defined
   chains. This is analogous to database indexing. Sort your packets as
   they come in and direct them to a subset of the total rules.

2) Optimize the load time of the rules. This is noticeable even with
   relatively small rule sets. Use iptables-restore -n instead of
   loading each rule separately with an iptables command.

Hope this helps - John

-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
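
The two points in the reply above, as an added example that is not part of the original message or of ISCS code: a script that builds one iptables-restore file in which INPUT only dispatches to per-service user-defined chains, and compares worst-case rule traversal against a flat chain. The ports, the 10.0.N.0/24 sources and the SVC_<port> chain names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed policy: 3 TCP services x 40 allowed source
# networks each (10.0.N.0/24 is sample data), one "port:source" per line.
policy() {
    for port in 22 25 443; do
        n=1
        while [ "$n" -le 40 ]; do
            echo "$port:10.0.$n.0/24"
            n=$((n + 1))
        done
    done
}

# Emit one iptables-restore file. INPUT only sorts packets by destination
# port into a per-service user-defined chain (hypothetical names SVC_<port>).
gen_ruleset() {
    ports=$(policy | cut -d: -f1 | sort -nu)
    echo '*filter'
    for p in $ports; do echo ":SVC_$p - [0:0]"; done          # declare chains
    for p in $ports; do echo "-A INPUT -p tcp --dport $p -j SVC_$p"; done
    policy | while IFS=: read -r port src; do
        echo "-A SVC_$port -s $src -j ACCEPT"
    done
    for p in $ports; do echo "-A SVC_$p -j DROP"; done        # chain default
    echo 'COMMIT'
}

# Worst case for a packet to TCP port $1: every dispatch rule in INPUT,
# then every rule in that one service chain.
chained_worst() {
    rules=$(gen_ruleset)
    dispatch=$(printf '%s\n' "$rules" | grep -c -- '^-A INPUT ')
    in_chain=$(printf '%s\n' "$rules" | grep -c -- "^-A SVC_$1 ")
    echo $((dispatch + in_chain))
}

# Same policy as one flat chain: every ACCEPT rule plus a final DROP.
flat_worst() {
    echo $(( $(policy | wc -l) + 1 ))
}

echo "flat: $(flat_worst) rules, chained: $(chained_worst 443) rules"
# Load in one pass (root required); -n leaves rules already in the table:
#   gen_ruleset > rules.v4 && iptables-restore -n < rules.v4
```

Because -n does not flush the table, loading the same file a second time appends the INPUT dispatch rules again; load it once, or drop -n when the file is meant to replace the whole table.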