[pve-devel] pve-firewall benchmark result
Alexandre DERUMIER
aderumier at odiso.com
Mon Mar 24 09:02:22 CET 2014
>>Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily turn on/off
>>those optimizations?
Yes, good idea !
I'll send a new patch today
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 21 Mars 2014 16:31:11
Objet: RE: [pve-devel] pve-firewall benchmark result
> >>It does not work with NFQUEUE (requires PFEFW-Accept, which is also
> slow)?
>
> if no ips in any taps, do an -j ACCEPT
>
> else
>
> do -j PVEFW-Accept
> (which is faster than going into all tap-outs, tap-in chains, because we are
> going only into tap-in chains with ips enabled)
Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily turn on/off
those optimizations?
More information about the pve-devel
mailing list