All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steven M Campbell <Netfilter@SCampbell.net>
To: netfilter@lists.netfilter.org
Subject: Re: iptables-restore vs iptables-restore --noflush performance
Date: Mon, 25 Jul 2005 15:27:32 -0400	[thread overview]
Message-ID: <42E53D24.2020203@SCampbell.net> (raw)
In-Reply-To: <63d3731e050725121353083b32@mail.gmail.com>

Joubert Berger wrote:
>Anyone know why I would get a big performance difference between
>"iptables-restore" and "iptables-restore --noflush"?
>
>I have 6600 rules.  If I load with iptables-restore, it takes about 30sec.
>If I use noflush, that turns in 1 min and 20+ seconds.
>
>--joubert
>
>  
Because you have 6600 rules and when you use no-flush you are adding 
another 6600?  If you do it several
times in a row I'll bet the time keeps getting worse.

The insert time for each rule is, among other things, dependent on the 
number of rules that
must be searched/manipulated, thus an explanation for the times you see.

You should only use --noflush if you really intend to add rules to the 
current  rule set rather
than replace them all.  What are you trying to accomplish here?




  reply	other threads:[~2005-07-25 19:27 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-25 19:13 iptables-restore vs iptables-restore --noflush performance Joubert Berger
2005-07-25 19:27 ` Steven M Campbell [this message]
2005-07-25 20:46   ` Joubert Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42E53D24.2020203@SCampbell.net \
    --to=netfilter@scampbell.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.