Response time of Iptables
26 Oct 1999 19:19:23 -0700
Me> Assume that both packets come from the same IP address, and packet A
Me> matches a pattern for some evil activity. Assume that our logic
Me> matches packet A and recognizes the evil activity with negligible
Me> computing time.
Me> ** Is it possible to change the Iptables rules fast enough to deny IP
Me> packet B access?
PR> In the current networking infrastructure, yes. It won't be on SMP
PR> boxen in 2.5 (it may be processed on the other CPU). Of course, you
PR> can force serialization inside your extention if you want to, using
Are you saying that I need to force serialization in an extension in
order to guarantee that any change I make as a result of packet A gets
registered before packet B is processed?