> Continuing this post:
>
> Adding a rule multiple times shows multiple entries in
> iptables -L output. My question is: does it have any
> performance impact on packet processing?

Yes.

> Should not be because as soon as a rule is matched, it should come
> out, Right?

Well, what about the other rules that follow the duplicates? Netfilter has to check all duplicates before it reaches a rule that is different. You may not notice the performance hit if you have a small ruleset, but you will if you have a large one.

Gr,
Rob
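
As an added example (not part of the original thread), the duplicates discussed above can be found by scanning `iptables-save` output for rules that repeat within the same table and chain. The function name `find_duplicate_rules` and the sample ruleset are constructed for illustration.

```shell
# Report rules that appear more than once in the same table and chain.
# Input:  iptables-save format on stdin (with or without -c counters).
# Output: one line per duplicated rule: "<table> <extra copies> <rule>".
find_duplicate_rules() {
    awk '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }          # drop "[pkts:bytes] " counters
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        /^-A / {
            key = table SUBSEP $0                   # chain name is part of the rule text
            if (!(key in count)) order[++n] = key   # keep first-seen order
            count[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                key = order[i]
                if (count[key] > 1) {
                    split(key, part, SUBSEP)
                    printf "%s %d %s\n", part[1], count[key] - 1, part[2]
                }
            }
        }
    '
}

# Constructed sample ruleset (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_duplicate_rules
```

On a live host the same check is `iptables-save | find_duplicate_rules`. Each extra copy it reports is one more comparison for every packet that passes that point in the chain without matching.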