iptables - module, or built into kernel?
Hey
Is it best to compile all the iptables/NAT/Netfilter stuff into the kernel, or build it as modules? I guess they'll be used a lot, so will be loaded... Are there any performance boosts/preferences either way? Cheers
|
My preference is to build any and everything as a module (including iptables) if it can be done so (option exists and not needed too early at boot, like my SCSI driver). Then again, I am a bit weird because I write all my kernels to floppy, and actually boot from a floppy. So for me, I suppose it certainly is a performance issue, even a usability issue as today's kernels can easily exceed a floppy with too many options compiled in.
|
module, unless it's needed at startup or within the first 10 seconds of loading init, module.
|
actually there is a way (using bootinitrd?) that you can make modules work for booting the machine, but anyways..
Another question, is the arp_tables code implemented yet? It doesn't seem to do a great deal, so I am going to remove it from my kernel for the time being? Any hints/tips from mega gurus on how to reduce kernel size to the min? (Without nuking the box!) Cheers