Harald Welte
Thu, 28 Mar 2002 02:01:36 -0800
On Thu, Mar 28, 2002 at 11:33:31AM +0200, Nigel Kukard wrote:
> hrmm, interesting question this....
>
> would it be faster to reload say about 100 rule tables one by one
> when needed, or push all the firewall tables/rules (say bout 20,000
> rules) with iptables-restore at one time?

iptables-restore is using one atomic transaction to replace one whole table. iptables when changing a single rule is using one atomic transaction to replace the whole table as well. So I doubt there was much difference between the two of them. However, if you want to change 100 rules, using iptables is 100 times the overhead as iptables-restore.

> Regards
> Nigel Kukard (General Manager)

--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
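
The overhead point in the reply above, as an added example that is not part of the original message: a script of per-rule `iptables` calls is regrouped into one `iptables-restore` section per table, so each table is replaced in a single transaction instead of once per rule. The function name `to_restore_batch` and the sample rules are constructed for illustration; applying the output with `iptables-restore --noflush` (append to the existing ruleset rather than replace it) is an assumption about how the batch would be used.

```shell
#!/bin/sh
# Added example: batch per-rule iptables commands into iptables-restore input.

# Constructed sample: five rule changes touching two tables.
SAMPLE_RULES='# constructed sample rules
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
iptables -A INPUT -j DROP'

# to_restore_batch: read "iptables [-t TABLE] RULE..." lines on stdin and
# write one "*TABLE ... COMMIT" section per table on stdout.
# Rule order inside each table is preserved, so a trailing DROP stays last.
# Limitation: fields are re-joined with single spaces, so runs of spaces
# inside a quoted argument (e.g. --comment "a  b") are collapsed.
to_restore_batch() {
    awk '
    $1 != "iptables" { next }            # skip comments and blank lines
    {
        table = "filter"; rule = ""      # filter is the default table
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "--table") { table = $(i + 1); i++; continue }
            rule = rule (rule == "" ? "" : " ") $i
        }
        if (!(table in rules)) order[++n] = table   # remember first-seen order
        rules[table] = rules[table] rule "\n"
    }
    END {
        for (k = 1; k <= n; k++)
            printf "*%s\n%sCOMMIT\n", order[k], rules[order[k]]
    }'
}

# Five rule lines become two sections, i.e. two table replacements.
# To apply (as root):  ... | to_restore_batch | iptables-restore --noflush
printf '%s\n' "$SAMPLE_RULES" | to_restore_batch
```

Each `COMMIT` line in the output corresponds to one table replacement, which is the unit of cost the reply describes.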