Tom Eastep wrote:
> On 4/18/13 4:15 PM, "Dash Four" <mr.dash.f...@googlemail.com> wrote:
>
>   
>> I presume if I include conditions (like +dmz-net in SOURCE or DEST for
>> example), I would see these preceding the nfacct match right?
>>     
>
> Correct. There is a fix for that feature attached.
>   
Thanks, though I will hold on to this for the time being as the solution
below is much better (your patch would be "plan B" if you like).

>> As I already indicated earlier, this certainly isn't easy, but if
>> implemented properly, it would be more efficient as there are fewer rules
>> to traverse - with accounting that is of importance since all packets
>> normally pass through these chains.
>>     
>
> Let me think about it a while...
>   
No problem, take your time - I know it isn't straightforward, but I
think it would be worth it in the end as there is a lot to be gained, 
certainly from a performance point of view.

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
