Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758737AbZDKSdS (ORCPT ); Sat, 11 Apr 2009 14:33:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1757176AbZDKSc5 (ORCPT ); Sat, 11 Apr 2009 14:32:57 -0400 Received: from yx-out-2324.google.com ([74.125.44.29]:45957 "EHLO yx-out-2324.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754721AbZDKScz convert rfc822-to-8bit (ORCPT ); Sat, 11 Apr 2009 14:32:55 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding :content-disposition:message-id; b=fZSqk+cCWxbjuBwSld2UsxmBNhmDU2AtneFx0DMeIK+EaEZDgaVtYNg9f/nOSevooP HAsWVtplcdz4Oe+1MX30dXyV7tavDwOMpRZNhPbXIWSq4pGJbvqvLMXylokLhDnYG+DG 5yah9+HcnK6zfcboBdUzFELuAEwkN9wns9bJY= From: Arkadiusz Miskiewicz To: Kyle Moffett Subject: Re: iptables very slow after commit 784544739a25c30637397ace5489eeb6e15d7d49 Date: Sat, 11 Apr 2009 20:32:48 +0200 User-Agent: KMail/1.11.2 (Linux/2.6.30-rc1; KDE/4.2.2; x86_64; ; ) Cc: David Miller , jengelh@medozas.de, paulmck@linux.vnet.ibm.com, torvalds@linux-foundation.org, mingo@elte.hu, laijs@cn.fujitsu.com, shemminger@vyatta.com, jeff.chua.linux@gmail.com, dada1@cosmosbay.com, kaber@trash.net, r000n@r000n.net, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org References: <20090410.230016.176733137.davem@davemloft.net> In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 8BIT Content-Disposition: inline Message-Id: <200904112032.49335.a.miskiewicz@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 870 Lines: 24 On Saturday 11 of April 2009, Kyle Moffett wrote: > Almost all of the standard firewall tools (such as shorewall, etc) are > already using iptables-restore command to load firewall rules, > primarily because using separate iptables commands was *already* way > too slow. Some time ago there was batch patch that allowed to use standard shell format of calling iptables but did everything at once: http://lists.netfilter.org/pipermail/netfilter-devel/2004- September/016704.html It didn't get merged - no idea why. -- Arkadiusz Miƛkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/