>>that is worst case? I think, because they are a lot of taps, and in/out taps was at the end.
I check cloudstack and openstack, they put -m state --state RELATED,ESTABLISHED -j ACCEPT at the begin of forward. >>If so, I would not spend too much time into optimizing. do you see some blocking points to not keep it at the begin of FORWARD ? ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]>, "pve-devel" <[email protected]> Envoyé: Vendredi 21 Mars 2014 07:00:16 Objet: RE: [pve-devel] pve-firewall benchmark result > so around 10% loss that is worst case? If so, I would not spend too much time into optimizing. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
