On Sep 8 2007 13:28, Steven Van Acker wrote:
>
>it's remarkable that we have never tried it this way before.
>I tested adding 10000 lines with iptables, then using iptables-save and
>iptables-restore. The difference in speed is amazing. With iptables it
>takes 5 minutes and 10 seconds, while iptables-restore takes 0.3
>seconds.

Well obviously. Because *for EACH* iptables command that you run,
it does a load and store. That, by definition, takes O(n*(n+1));
where iptables-restore is like O(n) for n rules.



Jan
--