how many rules can be added?

John A. Sullivan III john.sullivan at nexusmgmt.com
Thu Sep 16 18:49:35 CEST 2004


On Thu, 2004-09-16 at 10:10, Alaadin wrote:
> Hello,
> 
> How many iptables rules can I add?
> I have already added 40.
> If I add up to 100 or 500 rules,
> would this cause problems?
> Would this make the system lag?
> Would this make the system hang?
> How many iptables rules can I add? Or is it unlimited?
You can add many more than 500! For the complex security we manage on
the ISCS project (http://iscs.sourceforge.net), we frequently encounter
rule sets many times this size.

As your rule set grows, you will want to pay attention to two particular
needs:

1) Optimize the traversal of your rule sets by using user-defined
chains.  This is analogous to database indexing.  Sort your packets as
they come in and direct them to a subset of the total rules.

2) Optimize the load time of the rules.  This is noticeable even with
relatively small rule sets.  Use iptables-restore -n instead of loading
each rule separately with an iptables command.

Hope this helps - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 
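As an added illustration of both points above (this is not code from the post or from the ISCS project): a POSIX shell script that generates an iptables-restore file whose INPUT chain only sorts packets by ingress interface into user-defined chains, where the per-port rules live, and then loads the whole file with a single iptables-restore call. Interface names and port lists are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post. INPUT only dispatches by
# ingress interface into user-defined chains, so a packet arriving on the
# LAN never traverses the WAN rules (the "indexing" described above).
# Interfaces and ports below are constructed sample values.

WAN_PORTS="22 443"                 # services reachable from the WAN side
LAN_PORTS="22 80 443 3306 5432"    # services reachable from the LAN side

# Print an iptables-restore file for interfaces $1 (WAN) and $2 (LAN).
gen_ruleset() {
    wan=$1; lan=$2
    # Built-in chains with policies, then the user-defined chains
    # (a "-" policy marks a user-defined chain).
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FROM_WAN - [0:0]
:FROM_LAN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -j FROM_WAN
-A INPUT -i $lan -j FROM_LAN
EOF
    # Each chain holds only the rules relevant to its own interface.
    for p in $WAN_PORTS; do
        echo "-A FROM_WAN -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $LAN_PORTS; do
        echo "-A FROM_LAN -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Explicit terminal rule per chain keeps drop counters per interface.
    echo "-A FROM_WAN -j DROP"
    echo "-A FROM_LAN -j DROP"
    echo "COMMIT"
}

# Number of rules in chain $1, i.e. the most a packet sent there traverses.
rules_in_chain() {
    gen_ruleset eth0 eth1 | grep -c "^-A $1 "
}

# Load everything in one transaction instead of one iptables call per rule.
# -n (--noflush) appends to what is already loaded rather than flushing the
# table first. Needs root and the state match module.
load_ruleset() {
    gen_ruleset "$1" "$2" | iptables-restore -n
}
```

With these sample lists a WAN packet is checked against at most 4 INPUT rules plus 3 FROM_WAN rules, however many LAN rules exist.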