On Wed, 24 Jul 2002 21:24:56 +0800
zhengchuanbo <zhengcb@netpower.com.cn> wrote:
>
> we use a linux router. i just tested the performance of the router. when the kernel is build without netfilter support,the throughput of 64bytes frame is about 45%. when i build the kernel with netfilter (only the ip_filter module),the throughput dropped to 24%, without any rules.
> so is there some way to improve the performance? i just want some simple packet filter. is netfilter no so good on the performance compare to ipchains due to the improved functionality?
> please cc. thanks.
There are several stages.
1) CONFIG_NETFILTER=n
2) CONFIG_NETFILTER=y
3) CONFIG_NETFILTER=y CONFIG_IP_NF_TABLES=m, ip_tables.o loaded
4) iptables rules inserted.
Make sure you do not have CONFIG_NETFILTER_DEBUG or CONFIG_IP_NF_CONNTRACK
on!
Rusty.
-- there are those who do and those who hang on and you don't see too many doers quoting their contemporaries. -- Larry McVoy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jul 30 2002 - 14:00:19 EST