Re: Maximum number of rules in iptables?

> On 9/13/05, Peggy Kam <ppkam@xxxxxxxxx> wrote:
> > What is the maximum number of policies I can define in the
> > iptables? ie. how much memory is allocated for iptables?

I'm sure the answer is in the kernel source code if you need it. This 
forum is more for users than developers. You could try asking on LKML 
or on netfilter-devel, but I don't think you would be well-received 
there unless you showed an effort to find your own answers.

Opinion as a user: it's probably dynamically allocated; more memory is 
used in cases where there are more rules, or where the rules require.

Remembered from Googling: it's not ever likely to be a factor.

Personal experience: an 8MB 80386 is quite capable of handling NAT for 
home and small business broadband connections. I increased the default 
number of connection tracking table (ip_conntrack_max) entries, but 
otherwise had no problem.

On Tuesday 2005-September-13 22:41, Edmundo Carmona wrote:
> that's a NFI for me. A whole bunch.... I've seen red hat scripts that
> are way longer than mine. ;-)

I think it's safe to say that if you're making that many rules, you're 
doing something wrong. :) I said the same thing in this thread to this 
poster over a month ago.

Red Hat iptables rules (that I have seen) are terrible. Do they have 
anyone on staff who understands firewalling? If so, they're not working 
on the firewalls.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
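As an added example (not from this thread or its posters): a small POSIX sh audit that measures what the reply says actually matters, namely how many rules a ruleset carries per chain and how full the connection tracking table is relative to its maximum. It assumes an iptables-save style dump as input (a constructed sample is embedded so it runs offline) and the /proc/sys/net/netfilter counter paths of newer kernels; the count/max values in the demo call are made up.

```sh
#!/bin/sh
# Added example, not from the thread: audit ruleset size and conntrack headroom.

# count_rules FILE: total number of rules (-A lines) in an iptables-save dump
count_rules() {
    grep -c '^-A ' "$1"
}

# rules_per_chain FILE: prints "CHAIN COUNT" lines, busiest chain first
rules_per_chain() {
    awk '/^-A /{n[$2]++} END{for (c in n) print c, n[c]}' "$1" | sort -k2,2nr
}

# conntrack_pct COUNT MAX: integer percentage of the tracking table in use
conntrack_pct() {
    echo $(( $1 * 100 / $2 ))
}

# live_conntrack_pct: same figure read from /proc; returns 1 if not available
live_conntrack_pct() {
    c=/proc/sys/net/netfilter/nf_conntrack_count
    m=/proc/sys/net/netfilter/nf_conntrack_max
    [ -r "$c" ] && [ -r "$m" ] || return 1
    conntrack_pct "$(cat "$c")" "$(cat "$m")"
}

# write_sample FILE: constructed iptables-save dump (not a real host's ruleset)
write_sample() {
    cat >"$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

DUMP=$(mktemp)
write_sample "$DUMP"
echo "total rules: $(count_rules "$DUMP")"
rules_per_chain "$DUMP"
echo "conntrack in use (demo values): $(conntrack_pct 4000 65536)%"
live_conntrack_pct || echo "conntrack: /proc counters not readable here"
rm -f "$DUMP"
```

On a real host replace the sample with `iptables-save > file` and compare the live percentage against the limit you set, which is where a small box usually runs out of room long before the rule count matters.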
