From ed40415458481a5e91911911b1cf80c97d2f0986 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 13 Jan 2013 08:19:26 -0800 Subject: [PATCH] Add FAQ 101 (speed up start/restart) Signed-off-by: Tom Eastep --- docs/FAQ.xml | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index cdbcbb8af..d91bd663f 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -247,7 +247,7 @@ DNAT net:address loc:local-IP-address You are trying to test from inside your firewall (no, that - won't work -- see ). + won't work -- see ). @@ -2204,6 +2204,35 @@ gateway:~# tool when you installed Shorewall. Look for a service called 'iptables' that is being started after Shorewall and disable it. + +
+ (FAQ 101) How can I speed up 'shorewall start' and 'shorewall + restart' on my slow hardware? + + Answer: There are several steps + that you can take: + + + + If your kernel supports module autoloading (and distribution + default kernels almost always do), then set LOAD_HELPERS_ONLY=Yes in + shorewall.conf. + + + + Set AUTOMAKE=Yes in shorewall.conf. This will avoid the + compilation phase in cases where the configuration has not changed + since the last time that the configuration was compiled. + + + + Don't set optimization option 8. For example, if you currently + set OPTIMIZE=31, then change that to OPTIMIZE=23. Optimization + option 8 combines identical chains which can result in a smaller + ruleset, but it slows down the compilation of large rulesets. + + +
@@ -2922,7 +2951,7 @@ Shorewall has detected the following iptables/netfilter capabilities: Persistent SNAT: Available gateway:~# - +
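Review bot: In the new FAQ 101 section, the first list item (LOAD_HELPERS_ONLY=Yes) gives no reason for the setting, while the AUTOMAKE=Yes and OPTIMIZE items each explain their effect. Add a sentence saying what work the setting removes from start/restart and why kernel module autoloading is the precondition, so a reader on a kernel without autoloading knows what to expect. The AUTOMAKE=Yes item says compilation is skipped when "the configuration has not changed since the last time that the configuration was compiled" but not how a change is detected. Since the compiled result is what gets loaded as the firewall ruleset, it would help to state the detection rule so an administrator can tell when an edit will or will not trigger a recompile. The OPTIMIZE example is consistent: 31 with option 8 removed is 23.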