John A. Sullivan III wrote: > > We handle it by adding rules via iptables-restore rather than iptables. > The load time difference is remarkable. You write your rules into files > with very similar syntax to iptables and then direct them into > iptables-restore, e.g., The new Perl-based Shorewall rules compiler has adopted this same strategy. As John says, the difference in performance is remarkable. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@xxxxxxxxxxxxx PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Attachment:
signature.asc
Description: OpenPGP digital signature