On Thu, Oct 12, 2017 at 01:13:49AM +0200, Florian Westphal wrote:
> iptables-restore can take quite a long time when sytem is busy, in order
> of half a minute or more.
>
> The main reason for this is the way ip(6)tables performs table swap:
>
> When xt_replace_table assigns the new ruleset
iptables-restore can take quite a long time when sytem is busy, in order
of half a minute or more.
The main reason for this is the way ip(6)tables performs table swap:
When xt_replace_table assigns the new ruleset pointer, it does
not wait for other processors to finish with old ruleset.
