Run iptables -w check against a usually small chain

The iptablesw check, that's just looking for whether -w is supported or
not, previousely caused iptables to list all rules, each time you do
a shorewall check or shorewall start/reload. That might be quite
a lot, depending on the amount of rules you have. It is also no
necessary to parse each rule just to check for -w. Let's switch to the
usually much smaller INPUT chain, to reduce the overhead
This commit is contained in:
Christian Ruppert 2022-04-01 16:41:05 +02:00
parent 672c3420a0
commit c941cf4bb5
No known key found for this signature in database
GPG Key ID: C3B1D3399DC38675

View File

@ -5818,7 +5818,7 @@ sub get_capabilities($)
# #
# Determine if iptables supports the -w option # Determine if iptables supports the -w option
# #
$iptablesw = qt1( "$iptables -w -L -n") ? '-w' : ''; $iptablesw = qt1( "$iptables -w -n -L INPUT") ? '-w' : '';
my $iptables_restore=$iptables . '-restore'; my $iptables_restore=$iptables . '-restore';