by bravetraveler
1544 days ago
I think keeping that kind of stuff to a minimum would be important. iptables is a good example -- it can scale rather poorly! Packets are run across the chains at length until a matching rule is found. For most configurations this isn't a problem - the rules are filtered against quickly. If density reaches the point where you have thousands of forwards, it'll slow down a lot! You'll want to look into optimizations (e.g. ipsets), offloading to hardware, or simply going to host networking.