Ketil Froyn wrote:

> [snipped ipchains script]
> 
> I was suddenly curious... I can see the need for a script like this, but
> how (in)efficient is something like this? What is the overhead of checking
> each packet against a potentially large number of rules before it is
> accepted? Anyone made some measurements?

No, but I recall that the time to check a packet is roughly
proportional to the number of rules which are checked but fail
(processing stops once a rule matches).

As others have already pointed out, you would want most packets to
either pass or fail early on. So where possible, the rules should be
arranged to facilitate this.

-- 
Glynn Clements <[EMAIL PROTECTED]>
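
The ordering point in the reply above, as an added example that is not part of the original message: a simplified first-match filter model (not ipchains syntax) that counts how many rules are tested for the same traffic under two orderings. The rule names, packet fields and traffic mix are constructed assumptions.

```python
from collections import Counter

def rule(name, verdict="ACCEPT", **match):
    # Fields not given match any value, like an omitted option in a filter rule.
    return {"name": name, "verdict": verdict, "match": match}

def evaluate(chain, pkt, policy="DENY"):
    """First-match evaluation: return (verdict, number of rules tested)."""
    for tested, r in enumerate(chain, start=1):
        if all(pkt[k] == v for k, v in r["match"].items()):
            return r["verdict"], tested
    return policy, len(chain)  # fell off the end: the chain policy applies

def cost(chain, traffic):
    """Return (total rules tested, Counter of verdicts) for (packet, count) pairs."""
    total, verdicts = 0, Counter()
    for pkt, count in traffic:
        verdict, tested = evaluate(chain, pkt)
        total += tested * count
        verdicts[verdict] += count
    return total, verdicts

def pkt(proto, dport, established):
    return {"proto": proto, "dport": dport, "established": established}

# Constructed traffic mix: mostly packets on already-established connections.
TRAFFIC = [
    (pkt("tcp", 40000, True), 900),
    (pkt("tcp", 80, False), 60),
    (pkt("udp", 53, False), 30),
    (pkt("tcp", 23, False), 10),  # matches no rule, so it hits the DENY policy
]

SSH = rule("ssh", proto="tcp", dport=22)
SMTP = rule("smtp", proto="tcp", dport=25)
WEB = rule("web", proto="tcp", dport=80)
DNS = rule("dns", proto="udp", dport=53)
EST = rule("established", established=True)

SLOW = [SSH, SMTP, WEB, DNS, EST]  # most common case is matched last
FAST = [EST, WEB, DNS, SSH, SMTP]  # most common case is matched first

if __name__ == "__main__":
    for name, chain in (("slow", SLOW), ("fast", FAST)):
        total, verdicts = cost(chain, TRAFFIC)
        print(f"{name}: {total} rule tests, verdicts {dict(verdicts)}")
```

Reordering leaves the verdicts unchanged here only because every rule has the same verdict; moving a rule past an overlapping rule with a different verdict changes what the filter allows, so compare verdicts before and after any reordering.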
