Is there any difference between these two configuration options?
Is there any actual difference between
iptables -P FORWARD DROP
and
net.ipv4.ip_forward = 0
?
I know that one is a firewall command while the other one is a kernel option. But:
- I don't know whether net.ipv4.ip_forward = 0 is enforced by netfilter or by the kernel directly.
- I don't know if there is any overhead associated with iptables -P FORWARD DROP compared to net.ipv4.ip_forward = 0.
- I couldn't find any reference clearly stating that these two options are actually identical in their effect.
In short, is there any actual difference between these two commands?
linux kernel iptables
There might be some differences in ICMP messages generated. For example, TTL exceeded, fragmentation needed, etc. Not sure. I spent a few minutes trying to read the kernel code...
– derobert
Oct 4 '13 at 4:58
edited Mar 18 at 3:19 by Rui F Ribeiro
asked Oct 3 '13 at 14:41 by user48463
1 Answer
When you disable packet forwarding between interfaces, the FORWARD chain is ignored altogether. So, with regard to performance, which is what your question is targeting, it does not make any difference.
You can check it by doing:
iptables -L -vnx
HTH
answered Oct 3 '13 at 15:45 by sebelk
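The check suggested in the answer, as an added example that is not part of the original post: it compares the FORWARD counters of two `iptables -L -vnx` listings against the `net.ipv4.ip_forward` value to tell which mechanism is stopping forwarded traffic. The function names and both listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. The listings are constructed samples in the format of
# `iptables -L -vnx`, not output captured from a real host.
BEFORE='Chain FORWARD (policy DROP 42 packets, 3528 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10      840 ACCEPT     all  --  eth1   eth0    192.0.2.0/24         0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1410 packets, 187220 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
AFTER_SAME=$BEFORE
AFTER_HIT=$(printf '%s\n' "$BEFORE" |
    sed 's/policy DROP 42 packets, 3528/policy DROP 47 packets, 3948/')

# Print the FORWARD chain's default policy (e.g. DROP) from a listing on stdin.
forward_policy() {
    awk '$1 == "Chain" && $2 == "FORWARD" && $3 == "(policy" { print $4; ok = 1 }
         END { exit !ok }'
}

# Print total hits in FORWARD: the policy counter plus every rule counter.
# Any increase between two listings means packets traversed the chain.
forward_hits() {
    awk '$1 == "Chain" { in_fwd = ($2 == "FORWARD")
                         if (in_fwd && $3 == "(policy") total += $5
                         next }
         in_fwd && $1 ~ /^[0-9]+$/ { total += $1 }
         END { print total + 0 }'
}

# classify <ip_forward value> <listing before> <listing after> (hypothetical helper)
classify() {
    policy=$(printf '%s\n' "$2" | forward_policy) || { echo "no-forward-chain"; return 1; }
    delta=$(( $(printf '%s\n' "$3" | forward_hits) - $(printf '%s\n' "$2" | forward_hits) ))
    if [ "$1" = 0 ] && [ "$delta" -eq 0 ]; then
        echo "sysctl-blocks policy=$policy delta=0"       # chain never reached
    elif [ "$1" = 0 ]; then
        echo "unexpected-traversal policy=$policy delta=$delta"   # investigate
    elif [ "$policy" = DROP ]; then
        echo "netfilter-default-drop delta=$delta"
    else
        echo "forwarding-open policy=$policy delta=$delta"
    fi
}

classify 0 "$BEFORE" "$AFTER_SAME"   # sysctl off, counters unchanged
classify 1 "$BEFORE" "$AFTER_HIT"    # sysctl on, policy counter rose by 5
```

On a live host, pass `$(cat /proc/sys/net/ipv4/ip_forward)` and two `iptables -L -vnx` listings captured before and after a burst of test traffic.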