Joubert Berger wrote:
Anyone know why I would get a big performance difference between
"iptables-restore" and "iptables-restore --noflush"?
I have 6600 rules. If I load with iptables-restore, it takes about 30 sec.
If I use --noflush, that turns into 1 min and 20+ seconds.
--joubert
Because you have 6600 rules, and when you use --noflush you are adding another 6600? If you do it several times in a row, I'll bet the time keeps getting worse.
The insert time for each rule is, among other things, dependent on the number of rules that must be searched/manipulated, which explains the times you see.
You should only use --noflush if you really intend to add rules to the current rule set rather than replace them all. What are you trying to accomplish here?
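An added example for this thread (not something either poster wrote): a small POSIX shell script that reads iptables-save output and reports how many rules each table holds and which rules are exact duplicates within a table, which is the footprint a second --noflush load of the same file leaves behind. The ruleset embedded in it is a constructed sample, not the 6600-rule set from the question.

```shell
#!/bin/sh
# Added example (not from the thread): detect the rule build-up that repeated
# "iptables-restore --noflush" loads produce, by reading iptables-save output.
# SAMPLE_RULESET is a constructed iptables-save dump in which the filter rules
# appear twice, as they would after the same file was loaded twice with --noflush.

SAMPLE_RULESET='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# rules_per_table: prints "<table> <rule count>" for each table on stdin.
# A "*name" line starts a table; each "-A" line is one rule in it.
rules_per_table() {
    awk '/^\*/  { table = substr($0, 2) }
         /^-A / { count[table]++ }
         END    { for (t in count) print t, count[t] }' | sort
}

# total_rules: total number of -A lines (rules) on stdin.
total_rules() {
    grep -c '^-A '
}

# duplicate_rules: rules that occur more than once within the same table,
# printed once each as "<table> <rule>". An exact duplicate of an earlier
# rule in the same chain adds lookup cost without changing which packets
# are accepted or dropped.
duplicate_rules() {
    awk '/^\*/  { table = substr($0, 2) }
         /^-A / { key = table " " $0; if (++seen[key] == 2) print key }'
}

# duplicate_count: how many distinct rules are duplicated (no padding from wc).
duplicate_count() {
    duplicate_rules | wc -l | tr -d ' '
}

# Stand-alone run on the constructed sample; on a live host replace the printf
# with "iptables-save |" (requires root).
printf '%s\n' "$SAMPLE_RULESET" | rules_per_table
printf '%s\n' "$SAMPLE_RULESET" | duplicate_rules
```

Run against a live host's `iptables-save` output before choosing between a plain restore and `--noflush`: a non-zero duplicate count means the file has been appended to the running ruleset rather than replacing it, and each further `--noflush` load will add another full copy.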