>>Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily >>turn on/off >>those optimizations?
Yes, good idea ! I'll send a new patch today ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: "pve-devel" <[email protected]> Envoyé: Vendredi 21 Mars 2014 16:31:11 Objet: RE: [pve-devel] pve-firewall benchmark result > >>It does not work with NFQUEUE (requires PFEFW-Accept, which is also > slow)? > > if no ips in any taps, do an -j ACCEPT > > else > > do -j PVEFW-Accept > (which is faster than going into all tap-outs, tap-in chains, because we are > going only into tap-in chains with ips enabled) Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily turn on/off those optimizations? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
