Optimize iptables rules in NetVM

Move "state RELATED,ESTABLISHED" rule to the beginning.
2011-04-06 10:33:42 +02:00 · 2011-04-06 10:33:42 +02:00 · ae3092e741
commit ae3092e741
parent d367c140c2
1 changed files with 1 additions and 1 deletions
--- a/common/iptables
+++ b/common/iptables
@ -19,9 +19,9 @@ COMMIT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -j DROP
 COMMIT
 # Completed on Mon Sep  6 08:57:46 2010