LinuxQuestions.org
Old 04-25-2008, 05:59 PM   #1
zerg4141
LQ Newbie
 
Registered: Jul 2005
Distribution: Debian
Posts: 27

Rep: Reputation: 15
Netfilter: mangle vs. filter


Hi, I'm working on a bridging firewall that sees a lot of traffic, and I'm using netfilter/iptables.

I need efficiency in my rules, and so far I have been putting a significant amount of filtering (dropping unused IPs, bad packets, etc) into the mangle table to keep processing down. My question is this:

Is it acceptable (and safe) to do some filtering in the mangle table, or should that all happen in the filter section? Is it ok to move some of this into the raw table (since it occurs before connection tracking)?

So far I haven't run into problems, but this will be going into production soon. Feedback is awesome.

Thanks,
zerg4141
 
Old 04-26-2008, 01:55 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
The last time I checked you were discouraged from using the mangle table for filtering.
 
Old 04-28-2008, 12:31 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Moved to Networking for more adequate exposure.
 
  


All times are GMT -5.
