2009-07-11

Iptables: router performance

Original: Iptables – производительность роутера (Russian)
Incorrect iptables settings may cause poor router performance. I'll show you how can you improve iptables performance

Disable connection tracking

The first thing you need to do (if you are not using NAT) is to disable connection tracking in nat table, PREROUTING chain:
iptables -A PREROUTING -j NOTRACK

Notice that if you have rules with match module, you'll have to change them to avoid match module. Also, all rules using conntrack will stop working.