IPTABLES under RHEL6


Has IPTABLES performance improved with RHEL6? I have several firewalls running IPTABLES under RHEL5, and throughput testing with a gigabit firewall showed a maximum of 6XXMb/s with the firewall rules enabled, while throughput would be over 900Mb/s without the firewall rules.

Responses

Hi Mike,

Performance of a firewall greatly depends on the number of rules. Can you please tell us how many rules you have in a typical set-up?

If you can share the rules, I can suggest a possible rearrangement of rules in order to avoid performance penalties. When a chain has many rules, netfilter/iptables filtering performance may drop significantly. Chain modification (adding rules) performance also degrades significantly.

If you are using connection tracking features, it certainly has some additional overheads.
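To make the point about long chains measurable, here is an added example (not part of the original thread and not Red Hat tooling) that reads `iptables-save -c` output and reports how many rules an average packet is tested against before a verdict. The sample ruleset, its counters and the function names are constructed for illustration.

```python
import re

# Constructed sample in `iptables-save -c` format: [packets:bytes] precede each rule.
SAMPLE = """\
*filter
:INPUT DROP [1200:96000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[15:900] -A INPUT -s 192.0.2.10/32 -j DROP
[40:2400] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[300:18000] -A INPUT -p icmp -j LOG
[980000:1274000000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[5000:300000] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):\d+\]")
RULE = re.compile(r"^\[(\d+):\d+\] -A (\S+) (.*)$")

def parse(text):
    """Return {chain: {"policy_pkts": n, "rules": [(pkts, target, spec), ...]}}."""
    chains = {}
    for line in text.splitlines():
        if m := POLICY.match(line):
            chains[m.group(1)] = {"policy_pkts": int(m.group(3)), "rules": []}
        elif m := RULE.match(line):
            pkts, chain, spec = int(m.group(1)), m.group(2), m.group(3)
            target = re.search(r"-j (\S+)", spec)
            entry = chains.setdefault(chain, {"policy_pkts": 0, "rules": []})
            entry["rules"].append((pkts, target.group(1) if target else None, spec))
    return chains

def mean_depth(chain):
    """Average number of rules tested per packet that received a verdict."""
    rules, policy = chain["rules"], chain["policy_pkts"]
    cost = total = 0
    for pos, (pkts, target, _) in enumerate(rules, 1):
        if target in TERMINATING:  # packet stopped at this position
            cost += pos * pkts
            total += pkts
    # Packets that reached the chain policy were tested against every rule.
    cost, total = cost + len(rules) * policy, total + policy
    return cost / total if total else 0.0

def hot_rules(chain, share=0.5):
    """Rules below position 1 that decide at least `share` of all verdicts.
    Moving a rule up changes policy if it overlaps rules it passes; review first."""
    total = sum(p for p, t, _ in chain["rules"] if t in TERMINATING) + chain["policy_pkts"]
    return [(pos, spec) for pos, (p, t, spec) in enumerate(chain["rules"], 1)
            if t in TERMINATING and pos > 1 and total and p / total >= share]
```

On the constructed sample the busiest rule sits fourth, so the average packet is tested against about four rules; with that rule first the average drops to roughly one, but that move would also accept established traffic from the address the first rule drops.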
