Has IPTABLES performance improved with RHEL6?  I have several firewalls running IPTABLES under RHEL5 and throughput testing with a gigabit firewall showed a maximum of 6XXMb/s with the firewall rules enabled while throughput would be over 900Mb/s without the firewall rules.


Hi Mike,


Performance of a firewall greatly depends on the number of rules. Can you please tell us how many rules you have in a typical set-up?


If you can share rules, I can suggest possible rearrangement of rules in order to avoid performance penalties.  When a chain has many rules, netfilter/iptables filtering performance may drop significantly. Chain modifications (adding rules) performance also degrades significantly.


If you are using connection tracking features, it certainly has some additional overheads.
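To illustrate the rule-rearrangement idea from the reply above, here is an added example (not the poster's rules, and not a Red Hat-provided ruleset) that generates an iptables-restore file for RHEL5/6. The interface, network (192.0.2.0/24) and port numbers are constructed assumptions. The ordering puts the stateful ACCEPT for ESTABLISHED,RELATED first, so packets of already-accepted flows match on rule one instead of walking the whole chain, and dispatches NEW connections into small per-protocol chains so a TCP packet never evaluates the UDP rules. The helper functions count how many rules a packet can traverse in the worst case.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset arranged so that
# per-packet rule traversal stays short. Networks, ports and interface
# names below are constructed assumptions, not values from the thread.
#
# Ordering principles demonstrated:
#  1. The stateful ACCEPT for ESTABLISHED,RELATED is the first rule, so
#     every packet of an accepted flow matches immediately.
#  2. NEW connections jump into small per-protocol chains, so a packet
#     only evaluates rules that could apply to its protocol.
#  3. The catch-all DROP is the chain policy, not a trailing rule.
gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:NEW_TCP - [0:0]
:NEW_UDP - [0:0]
# Rule 1: fast path for packets belonging to established flows.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j NEW_TCP
-A INPUT -p udp -m state --state NEW -j NEW_UDP
# Per-protocol chains hold only the rules that protocol can match.
-A NEW_TCP -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
-A NEW_TCP -p tcp --dport 80 -j ACCEPT
-A NEW_TCP -p tcp --dport 443 -j ACCEPT
-A NEW_UDP -p udp --dport 53 -j ACCEPT
-A NEW_UDP -p udp --dport 123 -s 192.0.2.0/24 -j ACCEPT
COMMIT
EOF
}

# Count the rules appended (-A) to one chain of the generated ruleset.
rules_in_chain() {
    gen_ruleset | grep -c "^-A $1 "
}

# Longest path a single packet can take: the whole INPUT chain plus the
# largest dispatch chain (a NEW packet that matches nothing in its
# per-protocol chain returns to INPUT and hits the DROP policy).
worst_case_traversal() {
    tcp=$(rules_in_chain NEW_TCP)
    udp=$(rules_in_chain NEW_UDP)
    if [ "$tcp" -gt "$udp" ]; then big=$tcp; else big=$udp; fi
    echo $(( $(rules_in_chain INPUT) + big ))
}

# Stand-alone run: print the ruleset and the traversal figures.
gen_ruleset
echo "# established-flow packets evaluate 1 rule"
echo "# worst case for a new connection: $(worst_case_traversal) rules"
```

Loading it on a RHEL box needs root: `gen_ruleset > /tmp/rules && iptables-restore < /tmp/rules` (or install it as /etc/sysconfig/iptables and restart the iptables service). The same approach scales to the many-rule case in the thread: the more address- or port-specific rules a firewall carries, the more it pays to keep them out of the path that established-flow packets take, and to split them into chains keyed on something cheap such as protocol or interface.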