hi
i am new to linux firewall
i want to know if we want to have a good linux firewall always we have to do filtering stateful , or we can use stateless filtering for some connection and stateful filtering for other connection, i ask this because when we use stateful filtering connection table for every connection create an entry and search in this table cause decreasing firewall connection speed
please solve my problem
best

No, searching /proc/net/ip_conntrack should not cause ANY decrease in connection speed. 0) How did you actually measure that? And what is the 1) reason you're searching /proc/net/ip_conntrack and 2) how are you doing that?

dear anspawn
tnx to answer
when i say we search in the connection table i mean the iptables search in connection table to match the incoming packet
with one of the entry in this table ,i don't mean we search in this table.
when we use connection tracking with -m option ,every time we create a new connection ,a new entry is added to this table (connection tracking table), and every packet wants to come to or left from and pass from the firewall is checked with the connection tracking table entries but if we do filtering by stateless rules then we don't have this checking
i don't know is my decryption well to clear the problem ?
best

After the connection is established, subsequent traffic will be quicker because the "established, related" rule will accept the traffic bypassing subsequent rules.

Next to what jschiwal wrote generally speaking performance will only be an issue if you have performance-draining rules or illogical rule ordering or if you use some access-denying kludge that dumps rules in the filter table INPUT chain (or anywhere else that isn't at the network level like /etc/hosts.deny, /etc/hosts, .ht_access files). Understanding Netfilter is key, including modules like "recent", targets like "NOTRACK" and additional utilities like "ipset". See this and this and maybe this and this.