Re: "iptables mark with filter fw" vs "u32 match"
From: Andy Furniss (firstname.lastname_at_dsl.pipex.com)
Date: 03/05/05
- Next message: writeson_at_charter.net: "WRT54GS and port forwarding ssh"
- Previous message: Allodoxaphobia: "Re: Putting a printer (LJ IIIp) on a network?"
- In reply to: Paweł Staszewski: "Re: "iptables mark with filter fw" vs "u32 match""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 05 Mar 2005 22:23:14 +0000
Paweł Staszewski wrote:
> Andy Furniss wrote:
>
>
>>Paweł Staszewski wrote:
>>
>>>Hello
>>>
>>>Does anyone do tests to compare performance iptables marking with u32
>>>filter ... ??
>>>
>>>u32 filter with 4000 rules on physical interface do 99% CPU ( 2,66GHz
>>>Xeon )
>>>
>>>4000 iptables rules with mark for fw filter do 89% CPU ( 2.66GHz Xeon )
>>>
>>>But if i optimize iptables and make separate chains then CPU is 20% ....
>>>
>>>Anyone has other results or tests ??
>>>
>>>
>>
>>You can classify directly with netfilter now.
>>
>>Andy.
>
>
> hmm ... Andy are You trying to say that iptables has more performance to do
> classifying than u32 filters ???
>
I haven't tested, but I guess direct classify will be better than mark +
filter.
Andy.
- Next message: writeson_at_charter.net: "WRT54GS and port forwarding ssh"
- Previous message: Allodoxaphobia: "Re: Putting a printer (LJ IIIp) on a network?"
- In reply to: Paweł Staszewski: "Re: "iptables mark with filter fw" vs "u32 match""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
