[pve-devel] pve-firewall benchmark result

Dietmar Maurer dietmar at proxmox.com
Fri Mar 21 07:47:37 CET 2014


> -A tap110i0-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
> -A tap110i0-IN -p udp -m udp --sport 67 --dport 68 -j ACCEPT
> -A tap110i0-IN -p tcp -j PVEFW-tcpflags
> -A tap110i0-IN -m conntrack --ctstate INVALID -j DROP
> -A tap110i0-IN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # move this to chain start?

Would we gain some performance if we move that test to the start of the chain?
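
An added example (not part of the original message and not pve-firewall code): a small Python model of the quoted chain fragment that counts how many rules each constructed sample packet traverses in the current order and with the RELATED,ESTABLISHED rule moved first, and records which sub-chains it passes through. It assumes PVEFW-smurfs and PVEFW-tcpflags return without a verdict for these packets, since their contents are not shown in the message.

```python
# Model of the quoted tap110i0-IN fragment (added example, not pve-firewall code).
# Assumption: PVEFW-smurfs and PVEFW-tcpflags are opaque and RETURN for these
# sample packets; their real contents are not shown in the message.

def ct(*states):
    """Matcher for '-m conntrack --ctstate ...'."""
    return lambda p: p["ctstate"] in states

RULES = [
    ("ctstate INVALID,NEW", ct("INVALID", "NEW"), "PVEFW-smurfs"),
    ("udp sport 67 dport 68",
     lambda p: p["proto"] == "udp" and p.get("sport") == 67 and p.get("dport") == 68,
     "ACCEPT"),
    ("proto tcp", lambda p: p["proto"] == "tcp", "PVEFW-tcpflags"),
    ("ctstate INVALID", ct("INVALID"), "DROP"),
    ("ctstate RELATED,ESTABLISHED", ct("RELATED", "ESTABLISHED"), "ACCEPT"),
]
# Proposed order: the RELATED,ESTABLISHED rule moved to the chain start.
REORDERED = [RULES[4]] + RULES[:4]

def evaluate(rules, pkt):
    """Return (verdict, rules_evaluated, subchains_visited) for one packet."""
    visited = []
    for n, (_, match, target) in enumerate(rules, 1):
        if not match(pkt):
            continue
        if target in ("ACCEPT", "DROP"):
            return target, n, visited
        visited.append(target)  # jump; modelled as RETURN, so keep going
    return None, len(rules), visited  # falls through to rules not quoted

# Constructed sample packets.
SAMPLES = {
    "established tcp": {"proto": "tcp", "ctstate": "ESTABLISHED"},
    "new tcp": {"proto": "tcp", "ctstate": "NEW"},
    "invalid tcp": {"proto": "tcp", "ctstate": "INVALID"},
    "dhcp reply": {"proto": "udp", "ctstate": "NEW", "sport": 67, "dport": 68},
}

def compare():
    """Map each sample name to (result in current order, result reordered)."""
    return {name: (evaluate(RULES, p), evaluate(REORDERED, p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:16} before={before} after={after}")
```

In this model an established TCP packet is accepted at rule 1 instead of rule 5, but it also no longer passes through PVEFW-tcpflags, so the reorder leaves verdicts unchanged only if that chain never drops packets of established connections. The counts are rule evaluations in this chain, not a throughput measurement.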



