Mailinglist Archive: opensuse (929 mails)

Re: [opensuse] iptables: is PREROUTING nat before or after PREROUTING filter?
On 03/24/2014 09:07 AM, Per Jessen wrote:
> Stefan Gofferje wrote:
>> The more interesting question is, where do I put the rules as
>> intelligently as possible? I want to block the IPs for INPUT (to the
>> fw host itself) as well as for FORWARD, but simply pushing the rules
>> twice, once into each chain, appears a huge waste of mem to me (those
>> are quite a couple of rules...).
>
> Do you need the memory for anything else ? :-)

Well, those are REALLY many rules! We're talking about several hundred
networks here! As the fw is running in a VM, I'd like to not waste mem.

Besides, I'd also like to find the most elegant solution :).


(o_ Stefan Gofferje | SCLT, MCP, CCSA
//\ Reg'd Linux User #247167 | VCP #2263
V_/_ Heckler & Koch - the original point and click interface
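
Added example, not part of the thread: one common way to avoid storing the block rules twice is a single user-defined chain that both INPUT and FORWARD jump to, so each network appears once. The chain name BLOCKLIST, the ACCEPT policies and the sample networks below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore input where INPUT and FORWARD share
# one user-defined chain, so each blocked network is stored once.
# The chain name BLOCKLIST and the sample networks are assumptions.

# Reads one IPv4 network (a.b.c.d or a.b.c.d/len) per line on stdin.
# Blank lines and '#' comments are skipped; anything else that does not
# look like a network is reported on stderr and left out of the ruleset.
build_blocklist_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        ':BLOCKLIST - [0:0]' \
        '-A INPUT -j BLOCKLIST' \
        '-A FORWARD -j BLOCKLIST'
    while IFS= read -r net || [ -n "$net" ]; do
        net=${net%%#*}                              # strip trailing comment
        net=$(printf '%s' "$net" | tr -d ' \t\r')   # strip whitespace
        [ -z "$net" ] && continue
        if printf '%s\n' "$net" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            printf '%s\n' "-A BLOCKLIST -s $net -j DROP"
        else
            printf 'skipping invalid entry: %s\n' "$net" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Count the rules (-A lines) in a ruleset read from stdin.
count_rules() { grep -c '^-A '; }

# Constructed sample input (documentation address ranges).
sample_networks() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.0/24
198.51.100.0/24   # with a trailing comment
203.0.113.7
not-a-network
EOF
}

# Print the ruleset: N networks cost N + 2 rules instead of 2N.
sample_networks | build_blocklist_ruleset
```

Pipe the output through `iptables-restore --test` to validate it before loading. Loaded as is, it replaces the whole filter table, so on a firewall with existing rules merge the BLOCKLIST lines into the current ruleset instead.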
