commit taking time


#1

Hi,

We are testing VyOS to replace a Vyatta firewall. During one of our tests we found that when the firewall rules number more than about 900 - 1000, the commit takes longer.

Is this a known behavior? The configuration of the firewall is 2 cores and 1 GB RAM; this is a virtual instance in VMware.

Regards
senthil


#2

What changes are you committing at the time that takes longer? Are you committing 900+ firewall rules, or do you mean that the commit takes longer when you’ve already got 900+ firewall rules and you change something else?


#3

Hi,

Yes, we see the commit taking time if I have about 900 firewall rules and we change some parameters in a rule, a NAT setting, etc.

Regards
senthil


#4

I may be wrong but I think when you change a NAT or Firewall rule, the entire iptables are rewritten.

So if you have 900 rules, even if you change only 1, the 900 are written back to iptables.