Optimize iptables rules in NetVM

Move "state RELATED,ESTABLISHED" rule to the beginning.
2011-04-06 10:33:42 +02:00 · 2011-04-06 10:33:42 +02:00 · 95a52d388b
commit 95a52d388b
parent d4e80e7984
1 changed files with 1 additions and 1 deletions
--- a/common/iptables
+++ b/common/iptables
@ -19,9 +19,9 @@ COMMIT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -j DROP
 COMMIT
 # Completed on Mon Sep  6 08:57:46 2010