(forgot cc: list first time around)

On Mon, Aug 8, 2011 at 14:51, Marek Kierdelewicz <marek@xxxxxxxxx> wrote:
> Hi,
>
>> Has anyone ever researched the latency of xtables when a Linux box
>> functions as a firewall?
>
> This paper is a nice read:
> http://www.google.com/url?sa=t&source=web&cd=6&ved=0CE0QFjAF&url=http%3A%2F%2Fcourseware.ee.calpoly.edu%2F3comproject%2FPublished%2520Papers%2Fsecurity.pdf&rct=j&q=iptables%20netfilter%20latency%20paper%20pdf&ei=2pI_Tu-VKITJswbov5Qg&usg=AFQjCNFjUZwGHDhdBhtxwQgqlQbYCMjBFw&cad=rja
>

Whoa, very nice paper! Thanks for the link; my Google-fu failed to find that.

> It's very detailed on the issue of rule overhead (Conclusion 5.1 b).
> Unfortunately the paper is from 2002. Since then most of the code was
> rewritten. Maybe we, as the netfilter community, should lobby some
> university professor to let his students do a *remake* of this
> work ;-). Anyone here with ties to the education sector?
>

A 'remake' would be okay, IMO, since both the hardware platform *and* the code itself have been evolving. Maybe with more test cases/scenarios, and *huge* and/or complex iptables rules :-)

Rgds,

--
Pandu E Poluan
~ IT Optimizer ~
• Blog : http://pepoluan.tumblr.com
• Linked-In : http://id.linkedin.com/in/pepoluan