----- Original Message ----- 
From: "Kenneth Oncinian" <[EMAIL PROTECTED]>
To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 1:20 PM
Subject: Re: [plug] identifying users via squid


> Jopoy C. Solano wrote:
> > Would a lot of iptables rules slow down the machine?
>
> Slow down the machine itself? Or slow down network traffic?
> iptables itself compared to other packet filters like ipf or ipfw is
> very fast because it resides in kernel space,

iptables, ipf and ipfw are userland tools which do packet filtering and
accounting system that resides in the kernel...

> overhead is almost a
> non-issue. (unlike for example ipf or ipfw which use userland tools)

overhead is an issue... this depends mostly on your rule set and
processor speed... and that is where *optimization* comes in... some basic
rules for optimization are the following:

    - place an *established* rule early on to handle the majority of tcp
      traffic
    - place heavily triggered rules earlier in the rule set than those
      rarely used (hint: use packet counting statistics)

jopoy, regarding your question above, it won't slow down the machine due
to fair time sharing of every process but it will slow down your network
traffic because it is measured thru packets per second.. the lesser the
number of packets per second that can be achieved, the lesser the bandwidth
throughput is... usually the lesser the throughput, the slower a certain service
will be but not the whole machine or system...

fooler.


--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
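
The two optimization rules from the reply above, applied to packet counters, as an added example that is not part of the original message. It reads constructed `iptables -L INPUT -v -n -x --line-numbers` output, locates the ESTABLISHED rule, ranks rules by hit count, and estimates how many non-matching rule checks each ordering costs; the chain contents and function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -v -n -x --line-numbers` output.
sample_counters() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1          12        720 ACCEPT     tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp dpt:22
2         340      20400 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
3       98211    5892660 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3128
4     1843021 1520300112 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
5           0          0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Rule number of the first rule matching ESTABLISHED traffic (empty if none).
established_position() {
    awk '$1 ~ /^[0-9]+$/ && /ESTABLISHED/ { print $1; exit }'
}

# Rule numbers ordered by packet counter, busiest first.
rank_by_hits() {
    awk '$1 ~ /^[0-9]+$/ { print $2, $1 }' | sort -k1,1nr -k2,2n |
        awk '{ printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# Rough cost estimate: each packet is compared against every rule placed
# before the one that matched it, so cost = sum(pkts * (position - 1)).
# With no argument the current order is used; otherwise $1 is a
# space-separated list of rule numbers giving a proposed order.
wasted_comparisons() {
    awk -v order="$1" '
        BEGIN { n = split(order, o, " "); for (i = 1; i <= n; i++) pos[o[i]] = i }
        $1 ~ /^[0-9]+$/ { p = (n ? pos[$1] : $1); total += $2 * (p - 1) }
        END { printf "%d\n", total }'
}

order=$(sample_counters | rank_by_hits)
echo "ESTABLISHED rule position: $(sample_counters | established_position)"
echo "order by hit count:        $order"
echo "extra checks, current:     $(sample_counters | wasted_comparisons)"
echo "extra checks, ranked:      $(sample_counters | wasted_comparisons "$order")"
```

iptables stops at the first matching rule, so a rule should only be moved past rules it does not overlap with; otherwise the filtering policy itself changes.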
