On 6/17/2024 11:53 AM, R C wrote:
> Well, I am talking about firewalld, RHEL8. Regardless of SPI. My reasoning is, a firewall needs to check pretty much every packet a node receives.
Realize that firewalld isn't itself the actual firewall, but a management front-end for the kernel code that does the actual packet inspection. You'll want to look at the back end that firewalld uses. On RHEL8, the default back end in the kernel is nftables. (Earlier operating systems used iptables and that's still available on RHEL8.) So start by googling for "nftables performance". The performance section in the nftables wiki might be another good place to start.
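As an added illustration of the point above (not part of the original thread), the shell snippet below does the two things a RHEL8 administrator would check before reading about nftables performance: which back end firewalld is configured to drive, and how many rules the kernel actually walks per chain in the resulting nftables ruleset. It assumes firewalld's configuration lives at /etc/firewalld/firewalld.conf with a FirewallBackend= key, and that `nft` is installed; the embedded ruleset text is a constructed sample in the shape of `nft list ruleset` output, used so the parser can be exercised without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: firewalld reads
# /etc/firewalld/firewalld.conf and its FirewallBackend= key selects
# "nftables" or "iptables"; the `nft` binary is available for the real run.

# Print the back end configured in a firewalld.conf. firewalld defaults to
# nftables when the key is absent or commented out, so an empty result
# falls back to that value.
firewalld_backend() {
    conf="${1:-/etc/firewalld/firewalld.conf}"
    backend=$(awk -F= '/^FirewallBackend=/ { gsub(/[ \t]/, "", $2); print $2 }' \
              "$conf" 2>/dev/null || true)
    printf '%s\n' "${backend:-nftables}"
}

# Count rules per table/chain from `nft list ruleset` text read on stdin.
# Every inbound packet traverses the base chains (those with a `type ... hook`
# line) and whatever chains they jump to, so long chains are where the
# per-packet cost lives.
nft_rules_per_chain() {
    awk '
        /^table /        { table = $2 "/" $3; next }
        /^[ \t]*chain /  { chain = $2; key = table "/" chain; count[key] = 0; next }
        /^[ \t]*}/       { chain = ""; next }          # end of a chain, set or table block
        /^[ \t]*type /   { next }                      # base-chain hook/policy line, not a rule
        /^[ \t]*$/       { next }
        chain != ""      { count[key]++ }              # any other line inside a chain is a rule
        END { for (k in count) printf "%s %d\n", k, count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample in the style of firewalld's nftables ruleset (chain
# names follow firewalld's naming; the rules are illustrative only).
SAMPLE_RULESET='table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state { established, related } accept
        ct status dnat accept
        iifname "lo" accept
        jump filter_INPUT_ZONES
        ct state { invalid } drop
        reject with icmpx type admin-prohibited
    }

    chain filter_INPUT_ZONES {
        iifname "eth0" goto filter_IN_public
        goto filter_IN_public
    }
}'

# Stand-alone run: report the configured back end, then show the parser on
# the constructed sample. On a live host run, as root:
#   nft list ruleset | nft_rules_per_chain
printf 'firewalld back end: %s\n' "$(firewalld_backend)"
printf '%s\n' "$SAMPLE_RULESET" | nft_rules_per_chain
```

On the sample this prints `inet/firewalld/filter_INPUT 6` and `inet/firewalld/filter_INPUT_ZONES 2`; on a real RHEL8 host the same pipeline over `nft list ruleset` shows which zone and service chains carry the most rules, which is the first thing to look at when firewall throughput is the concern.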