Performance of iptables-restore on large rule sets

2005-01-28 Thread Steve Bergman
I have a large rule set (~53000 rules) that I sometimes load using 
iptables-restore.  It takes almost an hour.

Googling around tells me that the loop detection code in the kernel is 
slow with large rule sets.  The only thing that seems odd to me is that 
throughout the entire loading process, iptables-restore is consistently 
at about 67% user and 33% system processor time according to vmstat.  If 
the slowness is in the kernel, shouldn't I be seeing a high and ever 
increasing amount of "system" time?

Kernel is 2.6.9-1.681_FC3.  Iptables is iptables-1.2.11-3.1.FC3.
Thanks for any insights,
Steve Bergman
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/