Mailing List Archive

iptables extremely slow
I'm trying to track down why my iptables-script is slow (takes minutes),
and found something very interesting.
Running iptables v1.1.1 on kernel 2.4.2, this is basically what I do,
without getting into details I assume aren't interesting:

# flush and delete all old rules, create some new:
iptables -F ...
iptables -X ...
iptables -N ...
...

# set default policy
iptables -P FORWARD DROP

# add a lot of rules (about 500) in different chains (about 20):
iptables -A fw ... # the main chain
iptables -A chain1 ...
iptables -A chain2 ...
...

# so far so good, processed in a few seconds
# finally, link the whole thing to the forward-rule.

iptables -A FORWARD -j fw

# that last command takes a few minutes(!) to execute.
# seems to work a lot faster if it's put in the beginning of the script,
# but that's not where I want it

Does anyone have any idea why it takes such a long time to add that last rule?
Is it bubblesorting the table or something like that? :)
Please advise. Thanks a lot in advance!

Best Regards
Robban