Tom Eastep wrote: > Upgrade to 4.0.2 and switch to Shorewall-perl.
Here's an example: gateway:~ # shorewall compile -C perl firewall Compiling... Shorewall configuration compiled to /root/firewall gateway:~ # time ./firewall restart Restarting Shorewall.... done. real 0m0.853s <================== user 0m0.340s sys 0m0.276s gateway:~ # shorewall compile -C shell firewall Compiling... Shorewall configuration compiled to /root/firewall gateway:~ # time ./firewall restart Restarting Shorewall.... done. real 0m4.132s <================== user 0m0.740s sys 0m1.876s gateway:~ # And with Shorewall-perl, the netfilter rulesets are swapped atomically on a table by table basis. So there are no periods when packets are being dropped. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
