6. Firewall Optimization

Chapter 5, “Building and Installing a Standalone Firewall,” used both the iptables and nftables firewall administration programs to build a simple, single-system, custom-designed firewall. This chapter introduces firewall optimization. Optimization can be divided into three major categories: rule organization, use of the state module, and user-defined chains. The example in the preceding chapter was shown both with and without the use of the state module. This chapter focuses on rule organization and user-defined chains.

Rule Organization

Little optimization can be done using only the INPUT, OUTPUT, and FORWARD chains. Chain traversal is top to bottom, one rule at a time, until the packet matches a rule. The rules on ...
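To make the cost of top-to-bottom, first-match traversal concrete, the following small Python model is an added illustration (not code from the book or from iptables/nftables). It counts how many rules the packet filter must evaluate before reaching a verdict for a flat INPUT chain, and for the same rules reorganized with a state rule first and protocol-specific user-defined chains. The chain names `tcp_in` and `udp_in`, the port lists, and the sample packets are all constructed for the example; the traversal rules it models (built-in chains fall through to their policy, user-defined chains return to the caller when exhausted) follow netfilter behaviour.

```python
"""Model of first-match chain traversal as performed by iptables/nftables.

Constructed example: counts the rules evaluated per packet for a flat INPUT
chain versus one reorganized with a state rule first and user-defined chains.
This is a simulation for teaching, not netfilter code.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

BASE_CHAINS = {"INPUT", "OUTPUT", "FORWARD"}   # built-in chains carry a policy
TCP_PORTS = list(range(1, 21))                   # constructed: 20 allowed TCP ports
UDP_PORTS = list(range(1, 21))                   # constructed: 20 allowed UDP ports


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "icmp", ...
    dport: int          # destination port (0 when not applicable)
    established: bool   # True if conntrack already knows this flow


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str         # "ACCEPT", "DROP", or the name of a user-defined chain


def traverse(chains: Dict[str, List[Rule]], policy: str, packet: Packet,
             chain: str = "INPUT") -> Tuple[str, int]:
    """Walk `chain` top to bottom; return (verdict, rules_evaluated)."""
    evaluated = 0
    for rule in chains[chain]:
        evaluated += 1
        if not rule.match(packet):
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target, evaluated
        # Jump into a user-defined chain; it may return without a verdict.
        verdict, sub = traverse(chains, policy, packet, rule.target)
        evaluated += sub
        if verdict != "RETURN":
            return verdict, evaluated
    # End of chain: built-in chains apply the policy, user chains return.
    return (policy if chain in BASE_CHAINS else "RETURN"), evaluated


def port_rule(proto: str, port: int) -> Rule:
    # Default arguments bind proto/port per rule (avoids late-binding closures).
    return Rule(lambda p, proto=proto, port=port: p.proto == proto and p.dport == port,
                "ACCEPT")


def flat_ruleset() -> Dict[str, List[Rule]]:
    """One long INPUT chain, no state rule, TCP rules before UDP rules."""
    rules = [port_rule("tcp", n) for n in TCP_PORTS] + \
            [port_rule("udp", n) for n in UDP_PORTS]
    return {"INPUT": rules}


def organized_ruleset() -> Dict[str, List[Rule]]:
    """State rule first, then one jump per protocol into a user-defined chain."""
    return {
        "INPUT": [
            Rule(lambda p: p.established, "ACCEPT"),     # cheap early exit for replies
            Rule(lambda p: p.proto == "tcp", "tcp_in"),  # constructed chain name
            Rule(lambda p: p.proto == "udp", "udp_in"),  # constructed chain name
        ],
        "tcp_in": [port_rule("tcp", n) for n in TCP_PORTS],
        "udp_in": [port_rule("udp", n) for n in UDP_PORTS],
    }


def compare(packet: Packet) -> Dict[str, Tuple[str, int]]:
    """Verdict and evaluation count for both layouts, policy DROP."""
    return {
        "flat": traverse(flat_ruleset(), "DROP", packet),
        "organized": traverse(organized_ruleset(), "DROP", packet),
    }


if __name__ == "__main__":
    samples = [
        Packet("udp", 20, False),      # new UDP flow to the last allowed port
        Packet("tcp", 51000, True),    # reply packet of an established TCP flow
        Packet("tcp", 5, False),       # new TCP flow to an early-listed port
        Packet("icmp", 0, False),      # nothing in either ruleset matches
    ]
    for pkt in samples:
        print(pkt, compare(pkt))
```

Note the third sample: for a packet that would have matched one of the first few rules of the flat chain, the jump costs two extra comparisons, so rule organization is about putting the most frequently matched traffic (established flows, then the busiest protocol) at the top rather than about user-defined chains in isolation.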
