iptables vs ipchains
Wed, 15 Aug 2001 16:51:34 -0700 (PDT)
--- Josiah DeWitt <email@example.com> wrote:
> Now that our firewall rules have matured and we have successfully switched
> from our backwards-compatible ipchains ruleset, several people have noted,
> including myself, an increased speed and response time while surfing the
> internet. I would like to take credit for this upgrade as my co-workers
> give me constant adulation but I feel that the credit really belongs to the
> netfilter team themselves.
> Just giving credit where credit is due...well done.
> I was wondering if anyone can comment on the various reasons why it may be
> so much faster than before. Perhaps my previous ruleset or skills
> proverbially...sucked, but I was hoping to overlook that.
> Thanks to the netfilter team!
According to Rusty, when you use the ipchains compatibility module,
it includes the full connection tracking and NAT code, thus making it very
heavy and slow (but still better than the original :-P ). When you switch to
the tiered, layered iptables-based system, it's much faster because you
can disable and select what you want to track and NAT through your system.
I got this info from reading the netdev and linux-kernel archives.
BTW, congrats on moving to iptables! And thanks for giving us (us
being the coreteam and a few other hackers) credit where it's due :-)
Permanent e-mail: firstname.lastname@example.org
Current e-mail: email@example.com
Reply to the address I used in the message to you,