On Thu, Jul 12, 2007 at 11:59:46AM +0200, G?tz Reinicke wrote: > I was thinking about optimizing my rules file. AFAIK the most often used > connections shoud be at the top (first match) and the least used > connections should be at the buttom. > > Soon we will have some mor lans behind our shorewall, so some > optimization would be good to controll the traffic. > > Is there a way to see, which connections are used most, so I can change > the order of the rules? (Or am I completly wrong whith my thought...?)
Unless you have hundreds of rules, the penalty for being at the bottom of the list will be small compared to the penalty for using iptables at all. This is unlikely to make an appreciable difference. If performance matters to you enough to want even that small gain, buy a true hardware firewall (from cisco or whoever). They're much faster. Almost nobody needs them. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
