forked from extern/shorewall_code
Run iptables -w check against a usually small chain
The iptablesw check, that's just looking for whether -w is supported or not, previousely caused iptables to list all rules, each time you do a shorewall check or shorewall start/reload. That might be quite a lot, depending on the amount of rules you have. It is also no necessary to parse each rule just to check for -w. Let's switch to the usually much smaller INPUT chain, to reduce the overhead
This commit is contained in:
parent
672c3420a0
commit
c941cf4bb5
@ -5818,7 +5818,7 @@ sub get_capabilities($)
|
|||||||
#
|
#
|
||||||
# Determine if iptables supports the -w option
|
# Determine if iptables supports the -w option
|
||||||
#
|
#
|
||||||
$iptablesw = qt1( "$iptables -w -L -n") ? '-w' : '';
|
$iptablesw = qt1( "$iptables -w -n -L INPUT") ? '-w' : '';
|
||||||
|
|
||||||
my $iptables_restore=$iptables . '-restore';
|
my $iptables_restore=$iptables . '-restore';
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user