LinuxQuestions.org
12-24-2011, 05:29 PM   #1
nyheat
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 75

Rep: Reputation: 15
Best guess on how iptables will perform with thousands of rules?


Anyone have experience with very large rulesets?

My current iptables ruleset forwards several hundred IP ranges to a different port.
But that ruleset is about to increase into the thousands and with time will grow into the tens of thousands.

I don't want to optimize prematurely, but I'm hesitant to add several thousand ranges without knowing what kind of impact it will have.

Does anyone have experience in this area, or can suggest some means of benchmarking the performance impact?

---

Sidenote: aside from the port forwarding for the aforementioned ranges, there are no other rules except for a handful of ACCEPTs.

* running Debian 6 with a 2.6.39 kernel.
 
12-24-2011, 07:18 PM   #2
d3vrandom
Member
 
Registered: Jun 2006
Location: Karachi, Pakistan
Distribution: OpenSUSE, CentOS, Debian
Posts: 59

Rep: Reputation: 9
Use something like ipset:

http://ipset.netfilter.org/
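
Added example, not part of the original thread: iptables walks its rules one after another, while an ipset hash lookup costs about the same regardless of set size, so the ranges can live in one set matched by one rule. The set name, the REDIRECT target, ports 80 and 8080, and the sample ranges are assumptions; the syntax is that of ipset 6 and later.

```shell
#!/bin/sh
# Added example: turn a list of IPv4 ranges into `ipset restore` input so a
# single iptables rule replaces one rule per range.
# Assumptions: set name, REDIRECT target, ports 80 -> 8080, ipset 6+ syntax.
SET_NAME="fwd_ranges"

# Reads ranges on stdin (one per line; blank lines and '#' comments allowed),
# validates a.b.c.d[/1-32], de-duplicates, prints restore-format lines.
gen_ipset_restore() {
    awk -v set="$SET_NAME" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, p, "/"); len = (n == 2) ? p[2] : "32"
            ok = (n <= 2 && len ~ /^[0-9]+$/ && len + 0 >= 1 && len + 0 <= 32)
            if (ok && split(p[1], o, "[.]") != 4) ok = 0
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { print "skipped invalid entry: " $0 > "/dev/stderr"; next }
            key = p[1] "/" len
            if (!(key in seen)) { seen[key] = 1; list[++cnt] = key }
        }
        END {
            # 65536 is the ipset default maxelem; grow it with headroom.
            max = (cnt * 2 > 65536) ? cnt * 2 : 65536
            print "create " set " hash:net family inet maxelem " max
            for (i = 1; i <= cnt; i++) print "add " set " " list[i]
        }'
}

# The one NAT rule that matches every range in the set.
print_rule() {
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80" \
         "-m set --match-set $SET_NAME src -j REDIRECT --to-ports 8080"
}

# Constructed sample: documentation ranges, a duplicate, a bare host, a bad mask.
SAMPLE='192.0.2.0/24
198.51.100.0/24   # comment
192.0.2.0/24
203.0.113.7
10.0.0.0/33'

printf '%s\n' "$SAMPLE" | gen_ipset_restore   # as root: ... | ipset restore
print_rule
```

Timing the same traffic against the per-range ruleset and against the set-based rule gives the comparison the original question asks for.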
 
12-24-2011, 07:48 PM   #3
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 189
May also be of some interest..

http://people.netfilter.org/kadlec/nftest.pdf
 
  



Tags
debian, iptables


All times are GMT -5.
