how many rules can be added?

John A. Sullivan III john.sullivan at
Thu Sep 16 18:49:35 CEST 2004

On Thu, 2004-09-16 at 10:10, Alaadin wrote:
> Hello,
> how many iptables rules can I add?
> I added already 40
> if I added until 100 or 500 rules
> would this make problems?
> would this make the system lag?
> would this make the system hang?
> how many iptables rules can I add? or it's unlimited?

You can add many more than 500! For the complex security we manage on
the ISCS project (, we frequently encounter
rule sets many times this size.

As your rule set grows, you will want to pay attention to two particular

1) Optimize the traversal of your rule sets by using user-defined
chains.  This is analogous to database indexing.  Sort your packets as
they come in and direct them to a subset of the total rules.

2) Optimize the load time of the rules.  This is noticeable even with
relatively small rule sets.  Use iptables-restore -n instead of loading
each rule separately with an iptables command.

Hope this helps - John
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit 
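
Both points from the reply above, as an added example that is not part of the original post: a script that sorts packets into per-zone user-defined chains and emits the whole rule set in iptables-restore format so it can be loaded in one call. The zone names, subnets, ports and the `FROM_` chain naming are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample policy: zone name, source subnet, allowed TCP ports.
ZONES='LAN 10.0.0.0/8 22,80,443
DMZ 172.16.0.0/12 80,443
VPN 192.168.50.0/24 22,3306,5432'

# Emit the whole filter-table fragment in iptables-restore format.
gen_ruleset() {
    echo '*filter'
    # Declare one user-defined chain per zone ("-" means no policy).
    echo "$ZONES" | while read -r zone _net _ports; do
        echo ":FROM_$zone - [0:0]"
    done
    # Dispatch: INPUT holds one rule per zone, like an index lookup.
    echo "$ZONES" | while read -r zone net _ports; do
        echo "-A INPUT -s $net -j FROM_$zone"
    done
    # Each zone chain holds only that zone's rules, then a final DROP.
    echo "$ZONES" | while read -r zone _net ports; do
        for port in $(echo "$ports" | tr ',' ' '); do
            echo "-A FROM_$zone -p tcp --dport $port -j ACCEPT"
        done
        echo "-A FROM_$zone -j DROP"
    done
    echo 'COMMIT'
}

# Number of rules a packet from zone $1 is compared against before it
# reaches that zone's final DROP: dispatch rules up to its match, plus
# the rules in its own chain.
rules_checked() {
    gen_ruleset | awk -v chain="FROM_$1" '
        $2 == "INPUT" && !hit { n++; if ($NF == chain) hit = 1 }
        $2 == chain           { n++ }
        END                   { print n }'
}

gen_ruleset
total=$(gen_ruleset | grep -c '^-A ')
echo "# VPN packet is checked against $(rules_checked VPN) of $total rules"
# Load in one call as root, keeping what is already in the table:
#   gen_ruleset | iptables-restore -n
```

The saving grows with the rule set: each packet is compared against the dispatch rules and one zone's chain rather than every rule in a single flat chain.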
