hi,
an other suggestion...
the use of iptables-save and iptables-restore for large rules set in iptables...
iptables-save dump all rules set in a file that iptables use as-is
iptables-restore can only take the dump file and map it back i memory for iptables in one step witch is really good, for example, server reboot.
of course the dump file has to rewrite every time a rules chain in iptables... but i don't think this would be a problem.
this would also permit larger amount of rules manage by a server because the stability is increase with this method.
iptables-save and iptables-restore for performance
Re: iptables-save and iptables-restore for performance
Doing that would have little advantage, if any at all. It would not allow for more rules, nor would it have any affect on stability. You can currently defer csf startup if you want to avoid the overhead on boot time using the LF_QUICKSTART option in csf.conf.