On Thu, 2015-01-22 at 18:51 +0000, Neal Murphy wrote: > On Thursday, January 22, 2015 10:40:20 AM Eliezer Croitoru wrote: ... > > > First deal with packets that are always blocked or may be blocked depending on > the current time. REL/EST that get past that are accepted. The remainder are > NEW and can be handled as slowly and excruciatingly as desired. Of course, you > DROPped INVALID packets very early, in mangle:PREROUTING; it isn't worth > wasting even one extra CPU cycle to process those since netfilter has no idea > why it received them and has no idea what to do with them. "Thentuwion! Thwow > it to the gwound!" Ah, about eleven, sir! > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
