Mailinglist Archive: opensuse (929 mails)

< Previous Next >
Re: [opensuse] iptables: is PREROUTING nat before or after PREROUTING filter?
  • From: Andrey Borzenkov <arvidjaar@xxxxxxxxx>
  • Date: Mon, 24 Mar 2014 17:03:10 +0400
  • Message-id: <CAA91j0Uu3Xvyts7S1AxfNV4BEDF=p41nttYMN1oUB-+Sh9gNGA@mail.gmail.com>
On Mon, Mar 24, 2014 at 4:46 PM, Stefan Gofferje
<lists-opensuse@xxxxxxxxxxxxxxxxx> wrote:
On 03/24/2014 02:13 PM, James Knott wrote:
Stefan Gofferje wrote:
Well, those are REALLY many rules! We're talking about several hundred
networks here! As the fw is running in a VM, I'd like to not waste mem.

Many years ago, the IPv4 network went through a process of aggregation
to greatly reduce routing tables. This means networks in China should
be under one large group. That's where you should start the process.

Guys, the question was which chain comes first in the packet path!


http://netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO-3.html#ss3.2
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >