in-memory table change

in-memory table change

[Július Bemš]

Hello,

I have to try solve this problem:
-If there is a lot of rules in the packet filter table, it takes a quite
long time for 'iptables' to add a new rule (the change will be seen
sometimes in 30 seconds).
-I don't know how 'iptables' exactly works, but I thinked about changing 
rules exactly in the table, which is in-memory. It could take less time than
'iptables'

So my question is: Is this what I have described real? If yes, are there
some utilities by which I can change in-memory packet filter table? Because
I want avoid writing some code in c.

Thank You for reply

Re: in-memory table change

[Martijn Lievaart]

Július Bem¹ wrote:
> Hello,
>
> I have to try solve this problem:
> -If there is a lot of rules in the packet filter table, it takes a quite
> long time for 'iptables' to add a new rule (the change will be seen
> sometimes in 30 seconds).
> -I don't know how 'iptables' exactly works, but I thinked about changing
> rules exactly in the table, which is in-memory. It could take less time than
> 'iptables'
>
> So my question is: Is this what I have described real? If yes, are there
> some utilities by which I can change in-memory packet filter table? Because
> I want avoid writing some code in c.
>

Do you use iptables--restore? If not, look into that. If yes, well, I'm
afraid I cannot help you.

HTH,
M4