Fwd: iptables extremely slow
Gaston Franco
gfranco@arcert.gov.ar
Tue, 14 Aug 2001 16:07:04 -0300
Hi..
just one comment... see below ..
Robert Olsson wrote:
>
> OK, so was my question extremely stupid so it was totally ignored,
> or is it possible that none of you great people has a clue what's going on?
> Someone must have experienced the same phenomena.
> Resending the message. Please, doesn't anyone know what I'm stumbling on here?
> If the info below isn't enough to identify the problem, let me know.
> Thanks a big whole lot in advance for your time!
>
> Best Regards
> Robban
> ---
> To: netfilter@lists.samba.org
> From: Robert Olsson <robban@robtex.com>
> Date: Tue, 07 Aug 2001 20:14:14 +0200
>
> I'm trying to track down why my iptables-script is slow (takes minutes),
> and found something very interesting.
> Running iptables v1.1.1 on kernel 2.4.2, this is basically what I do,
> without getting into details I assume isn't interesting:
>
> # flush and delete all old rules, create some new:
> iptables -F ...
> iptables -X ...
> iptables -N ...
> ...
>
> # set default policy
> iptables -P FORWARD-j DROP
              ^^^^^^^^^^
maybe it is a typo?
to set the default policy... use
iptables -P FORWARD DROP
that's all...
>
> # add a lot of rules (about 500) in different chains (about 20):
> iptables -A fw ... # the main chain
> iptables -A chain1 ...
> iptables -A chain2 ...
> ...
>
> # so far so good, processed in a few seconds
> # finally, link the whole thing to the forward-rule.
>
> iptables -A FORWARD -j fw
>
> # that last command takes a few minutes(!) to execute.
> # seems to work a lot faster if it's put in the beginning of the script,
> # but that's not where I want it
>
> Does anyone have any idea why it takes such a long time to add that last rule?
> Is it bubblesorting the table or something like that? :)
> Please advise. Thanks a lot in advance!
>
> Best Regards
> Robban