Re: Having too many access lists in Linux

From: Teodor Iacob (Teodor.Iacob@astral.kappa.ro)
Date: Fri Mar 29 2002 - 05:13:08 EST


Hello,

We have in use a Linux router with about 1400 iptables rules, doing
CBQ with 450 entries, and also doing BGP and OSPF with 1200 routes. It
is a dual PIII 667 and most of the time it has about 75% of its
processor free, and through it we also have about 30 Mbps on average.

On Thu, Mar 28, 2002 at 07:17:05PM -0700, Irwan Hadi wrote:
> Dear All,
>
> I'm just curious (since I haven't tried this): what happens to Linux (the
> kernel especially) when a Linux box has, for example, 100 access lists,
> 500 access lists, 1000 access lists, etc.?
> Will I see a process consuming 100% of CPU resources, or will people
> feel it is much slower when they are accessing my server, or will the box
> start dropping some packets?
>
> (What I mean by access lists is the TCP filtering managed through ipchains,
> iptables, etc.)
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

-- 
      Teodor Iacob,
Astral TELECOM Internet



This archive was generated by hypermail 2b29 : Sun Mar 31 2002 - 22:00:17 EST