On Friday 24 September 2004 07:42, Daniel Pittman wrote:
> On 22 Sep 2004, vizi0n wrote:
> > Thanks for the reply, but I managed to do it without any help! I really
> > like it when I get it all done by myself :)
> > I'm using DNAT and SNAT and it works like a charm :)
> >
> > The only thing is that FireHOL takes a looooooooong while to load while
> > booting or just when restarting the service, it takes a big 30 seconds to
> > 1 full minute to load. Any way to make it load quicker?
>
> Rewrite it in some language other than a huge bash shell script. :)
>
> Seriously, the biggest performance hit is that bash is enormously slow
> while it chews through the central loop and builds the iptables
> commands.
>
> Actually installing the firewall once it has compiled is very fast.
>
> Alternatively, rewrite it so that it can compile a stand-alone (or close
> to it) shell script that builds the firewall, and then use that to
> remove the need to "compile" it each time you start the script.
>
>
> ...besides, do you /really/ reboot your firewall that often?

What I did on my Debian FWs is to use firehol to set up the FW, but remove it from the start init scripts. Once the FW is loaded and running I run iptables-save > /var/lib/iptables/active and that's all; the init.d script of iptables does the rest.

Best Regards
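
An added example, not part of the original message: a plain `>` redirect truncates /var/lib/iptables/active before iptables-save runs, so a failed or partial dump leaves the boot-time restore with nothing to load. The sketch below writes to a temporary file, checks the dump is complete, and only then renames it into place. The function names and the SAVE_CMD and ACTIVE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: snapshot the running ruleset without ever leaving a
# truncated or partial file where the boot-time restore will read it.
# SAVE_CMD, ACTIVE and the function names are assumptions of this example.

SAVE_CMD=${SAVE_CMD:-iptables-save}          # command that dumps the live rules
ACTIVE=${ACTIVE:-/var/lib/iptables/active}   # path named in the message above

# A dump is complete when it has at least one "*table" section and every
# section is closed by its own "COMMIT" line.
dump_is_complete() {
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { if (bad || in_table || tables == 0) exit 1 }
    ' "$1"
}

# Dump to a temp file in the destination directory, validate it, then
# rename it over the destination. The rename is atomic, so the previous
# snapshot stays in place if the dump fails or is incomplete.
snapshot_rules() {
    dest=${1:-$ACTIVE}
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if $SAVE_CMD > "$tmp" && dump_is_complete "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$dest" && return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Run `snapshot_rules` as root once FireHOL has finished loading the rules; a non-zero return means the previous snapshot was left untouched.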

