Phil Sutter
Phil Sutter's contributions
Optimizing iptables-nft large ruleset performance in user space
Phil Sutter
Learn how to optimize iptables-nft performance when using large rulesets by configuring the kernel cache, complete with test benchmark explanations.
Benchmarking nftables
Phil Sutter
Since I've learned about nftables, I heard numerous times that it would provide better performance than its designated predecessor, iptables. Yet, I have never seen actual figures of performance comparisons between the two and so I decided to do a little side-by-side comparison. Basically, my idea was to find out how much certain firewall setups affect performance. In order to do that, I simply did a TCP stream test between two network namespaces on the same system and then added...
Migrating my iptables setup to nftables
Phil Sutter
Wanting to become familiar with nftables, I decided to jump in at the deep end and just use it on my local workstation. The goal was to replace the existing iptables setup, ideally without any drawbacks. The following essay will guide you through what I have done in order to achieve that. In order to be able to follow, you should already be familiar with iptables and at least have a rough idea of what nftables are. I don't see...