Netfilter Performance Testing

This paper documents the results of performance testing of netfilter, the firewalling subsystem of the Linux kernel. We compared the performance of two different hardware configurations and measured the throughput for plain routing, connection tracking, filtering and NAT. We also examined how performance depends on the number of rules for iptables, nf-hipac and ipset.