Optimized iptables Firewall from Chapter 5
For most systems on DSL, cable modem, and lower-speed leased line connections, the chances are good that the Linux network code can handle packets faster than the network connection can. Particularly because firewall rules are order-dependent and difficult to construct, organizing the rules for readability is probably a bigger win than organizing for speed.
In addition to general rule ordering, iptables supports user-defined rule lists, or chains, that you can use to optimize your firewall rules. Passing a packet from one chain to another based on values in the packet header provides a means to selectively test the packet against a subset of the INPUT, OUTPUT, or FORWARD rules rather than testing the ...
Get Linux Firewalls, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
