From 95a52d388b2e9b7aa51dbbe2581d56a512cf8d39 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Wed, 6 Apr 2011 10:33:42 +0200
Subject: [PATCH] Optimize iptables rules in NetVM

Move "state RELATED,ESTABLISHED" rule to the beginning.
---
 common/iptables | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/iptables b/common/iptables
index b2100ba9..b80c19a2 100644
--- a/common/iptables
+++ b/common/iptables
@@ -19,9 +19,9 @@ COMMIT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -j DROP
 COMMIT
 # Completed on Mon Sep 6 08:57:46 2010
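Review bot: Placing `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT` ahead of `-A FORWARD -i vif+ -o vif+ -j DROP` is not a pure optimization, because the inter-VM isolation DROP no longer sees packets that conntrack labels RELATED or ESTABLISHED. Before this change every vif-to-vif packet was dropped regardless of state; with the new order, state-matched traffic entering on one vif and leaving on another (RELATED ICMP errors, or helper expectations if any conntrack helpers are loaded in the NetVM) would presumably be accepted. Keeping the isolation rule first and the state rule second preserves nearly all of the saving: `-A FORWARD -i vif+ -o vif+ -j DROP` followed by `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT`. If the new order is intended, a `#` comment above the FORWARD rules should state why state-matched vif-to-vif packets are safe to accept. The nat/raw tables and module configuration that would settle this are outside the hunk.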