Michele Petrazzo - Unipex srl wrote:
> Hi list,
> I'm seeing that the execution of an iptables update via a shell script
> takes very different time on my "in production" server and on my test
> server. My script has about 1500 iptables commands and simply inserts a
> rule on a table.
>
> On my in production server, it takes about 45 sec and on my test server 4!
> My server are 2x Xeon 2.6GHz (so 4 cpus) with 2.6.26 on x86_64 SMP with
> 2GB ram and my test server amd 3000+ with 2.6.26 i686 1GB,
>
> Can it be that, on the production server that has a lot of connections, it
> takes so much time due to the connections (I try to say that it has to "lock"
> the kernel before and "unlock" after an iptables add) or can there be some
> problems?

I think that it's taking the time in forking and executing, but you can
do some profiling so we can stop speculating.

> P.s. Yes, I know that the same rules with iptables-restore on my test
> server takes about 0.5 sec :)

So, why don't you use that interface? :)

--
"The honest are social misfits" -- Les Luthiers
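An added example, not part of the original thread: one way to move a script of per-rule iptables calls to the iptables-restore interface mentioned above, so the whole set loads in one process and one commit per table. The helper names are hypothetical, and it assumes the script contains only literal iptables command lines (no shell variables or loops).

```python
import shlex

# Constructed sample, not the poster's script (192.0.2.0/24 is a documentation range).
SAMPLE = '''\
iptables -A INPUT -s 192.0.2.10 -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -I INPUT 1 -p tcp --dport 22 -m comment --comment "ssh mgmt" -j ACCEPT
'''

def quote(arg):
    """Double-quote arguments containing whitespace, the style iptables-save emits."""
    if arg and not any(c.isspace() or c in '"\\' for c in arg):
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_restore(script_text):
    """Hypothetical helper: turn literal `iptables ...` lines into restore input."""
    tables = {}  # table name -> rule lines, original order kept per table
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        argv = shlex.split(line)
        if argv[0].rsplit("/", 1)[-1] != "iptables":
            raise ValueError(f"not an iptables command: {line!r}")
        args, table, i = [], "filter", 1  # filter is the default table
        while i < len(argv):
            if argv[i] in ("-t", "--table"):
                if i + 1 >= len(argv):
                    raise ValueError(f"-t without a table name: {line!r}")
                table, i = argv[i + 1], i + 2
            else:
                args.append(argv[i])
                i += 1
        tables.setdefault(table, []).append(" ".join(quote(a) for a in args))
    out = []
    for table, rules in tables.items():
        out += [f"*{table}", *rules, "COMMIT"]  # one atomic commit per table
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Pipe the output to: iptables-restore --noflush
    print(to_restore(SAMPLE), end="")
```

Feed the output to iptables-restore with --noflush so the rules are added to the existing ruleset; without that option each listed table is flushed before the new rules are loaded.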