Linux Netfilter discussions
From: Julien Vehent <julien@linuxwall.info>
To: netfilter@vger.kernel.org
Subject: Re: Double stack IPv4&&IPv6 for a firewall
Date: Sat, 25 Aug 2012 23:38:10 -0400
Message-ID: <306406300a671d4e33566184738d9563@linuxwall.info>
In-Reply-To: <alpine.LNX.2.01.1208250137290.30075@frira.zrqbmnf.qr>

On 2012-08-24 19:46, Jan Engelhardt wrote:
> On Friday 2012-08-24 23:12, Arturo Borrero wrote:

>>You usually set your ruleset in this way:
>>
>>$IPT -A INPUT -i $IF -s $INTERNET -d $MYSERVER -p tcp --sport 1024: --dport $SSH_PORT -j ACCEPT
>
> If you begin with something like this, no wonder it's all going slow,
> because you are needlessly reloading all the damn rules.
> That's why smart people use iptables-restore.
>

Oh, only about ~2000 times faster in my tests :p
http://www.slideshare.net/slideshow/embed_code/14051936?startSlide=22


-- 
Julien Vehent - http://jve.linuxwal.info
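
The iptables-restore approach recommended in the quoted reply, as an added example that is not part of the original message: the quoted SSH rule written once in iptables-save format and reused for both address families. The interface, addresses, port, DROP policies and the loopback/conntrack rules are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: emit one ruleset file per address family and load each in a
# single commit, instead of invoking the iptables binary once per rule.
# All values below are constructed for illustration.
IF=eth0
SSH_PORT=22
V4_SRC=0.0.0.0/0
V4_DST=192.0.2.10
V6_SRC=::/0
V6_DST=2001:db8::10

# build_ruleset SRC DST
# Prints a filter table in iptables-save format. iptables-restore and
# ip6tables-restore read the same syntax; only the addresses differ.
build_ruleset() {
    src=$1
    dst=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IF -s $src -d $dst -p tcp --sport 1024: --dport $SSH_PORT -j ACCEPT
COMMIT
EOF
}

# load_rulesets
# Parse-checks each family with --test (nothing is committed), then loads it.
# The table is replaced at COMMIT, so a syntax error leaves the running
# ruleset untouched. Needs root; defined here but never called automatically.
load_rulesets() {
    build_ruleset "$V4_SRC" "$V4_DST" | iptables-restore --test || return 1
    build_ruleset "$V6_SRC" "$V6_DST" | ip6tables-restore --test || return 1
    build_ruleset "$V4_SRC" "$V4_DST" | iptables-restore || return 1
    build_ruleset "$V6_SRC" "$V6_DST" | ip6tables-restore
}
```
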
