Dan Winship bfa4948bb6 Don't re-run EnsureChain/EnsureRules on partial syncs ...

We currently invoke /sbin/iptables 24 times on each syncProxyRules
before calling iptables-restore. Since even trivial iptables
invocations are slow on hosts with lots of iptables rules, this adds a
lot of time to each sync. Since these checks are expected to be a
no-op 99% of the time, skip them on partial syncs.

2022-11-29 09:42:49 -05:00

67 KiB

Raw Blame History

View Raw