> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Jan Eidtmann
> Sent: Wednesday, September 14, 2005 8:43 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: big table tweaks ?
>
> Hello,
>
> I have one kind of big table with 80,000+ rules. It's
> referenced in INPUT. Lookup (when someone wants to connect)
> is kinda slow and the system hangs noticeably (desktop usage). I
> tried preemptive and non-preemptive kernels, it's all the
> same. So, is there anything I could tweak to make this run smoothly?
>
> Thanks in advance,
> Jan
>
>
> Note: I am not subscribed...

It would help to know what you are trying to accomplish with those 80,000 rules. When I build a firewall, I know what each rule is for. I would have a hard time keeping track of 800 rules, let alone 80,000.

You said this is referenced in INPUT; are you running services on this host? Is it multi-homed? Are you blocking all the /24 networks of everybody you don't like?

Is -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT the first INPUT rule?

Is this a Red Hat box? (sorry, had to ask)

Derick Anderson
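The ordering Derick asks about, as an added example that is not part of the thread: a small POSIX shell script that emits an iptables-restore ruleset in which the RELATED,ESTABLISHED ACCEPT rule is the first INPUT rule, so packets belonging to connections already tracked by conntrack never walk the long block list. The large list is kept in its own user chain so INPUT itself stays short. The network list is a constructed sample (three documentation prefixes); the chain name BLOCKLIST and the helper function names are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Builds an iptables-restore 'filter' table where the conntrack state rule
# comes first, followed by a long per-network DROP list in its own chain.

# Constructed sample of networks to block; a real list would be far longer.
NETWORKS="192.0.2.0/24 198.51.100.0/24 203.0.113.0/24"

# Emit a complete iptables-restore ruleset on stdout.
gen_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # User chain holding the big list (chains must be declared before rules).
    printf '%s\n' ':BLOCKLIST - [0:0]'
    # Fast path first: established/related traffic is accepted before the
    # kernel has to walk the block list, so only new connections pay that cost.
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    # Remaining (new) traffic is handed to the block list.
    printf '%s\n' '-A INPUT -j BLOCKLIST'
    for net in $NETWORKS; do
        printf '%s\n' "-A BLOCKLIST -s $net -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Print the first rule appended to INPUT in a ruleset read from stdin.
# Useful as a lint over an existing 'iptables-save' dump: if this is not
# the state rule, every established packet traverses the whole list.
first_input_rule() {
    awk '/^-A INPUT /{print; exit}'
}

# Count how many rules a ruleset read from stdin would install.
count_rules() {
    grep -c '^-A '
}

# Show the generated ruleset; apply it as root with: gen_ruleset | iptables-restore
gen_ruleset
```

On a live box the same check is `iptables -vnL INPUT --line-numbers`: rule 1 should be the state match, and its packet counter should be climbing far faster than the rules below it. The script only writes text, so it can be run and inspected without root.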