[pve-devel] pve-firewall benchmark result
Alexandre DERUMIER
aderumier at odiso.com
Fri Mar 21 14:04:33 CET 2014
>>It does not work with NFQUEUE (requires PFEFW-Accept, which is also slow)?
if no ips in any taps, do an -j ACCEPT
else
do -j PVEFW-Accept
(which is faster than going into all tap-outs, tap-in chains, because we are going only into tap-in chains with ips enabled)
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 21 Mars 2014 13:49:10
Objet: RE: [pve-devel] pve-firewall benchmark result
> >>If so, I would not spend too much time into optimizing.
> do you see some blocking points to not keep it at the begin of FORWARD ?
It does not work with NFQUEUE (requires PFEFW-Accept, which is also slow)?
More information about the pve-devel
mailing list