
mihai
Resolved
0 votes
Hi all,

Has anyone tweaked those values? Does ClearOS already come with proper settings?
Monday, June 23 2014, 08:05 PM
Responses (3)
  • Accepted Answer

    mihai
    Thursday, July 03 2014, 11:55 AM
    I intended to start a new thread :) but there is no need. I'm the one who opened this anyway.
    For some this is not important... for me it is. Many low-medium Co. prefer not to pay 4-6k on an ASA and they go for Software Appliances. In this case I need to perform some tests (simulate load & stress) against an ASA device.
    I was searching for methods to "test" the iptables performance. Being a Kernel module => need to test Kernel performance on specific HW.
    For sure it can be tested by applying many / complex rules. But how? I was searching for:
    - rule read time
    - rule execution time
    - are those loaded in RAM? I guess not, iptables is not using a cfg file for its rules. (On pf I used to load that file from a RAM-FS.)
    - scalability graph based on the nr. of users &/or VPN users.

    Found this :
    http://people.netfilter.org/kadlec/nftest.pdf

    Thanks
  • Accepted Answer

    mihai
    Wednesday, June 25 2014, 07:25 AM
    thx for the details.
    I'll start with the defaults :)
  • Accepted Answer

    Wednesday, June 25 2014, 05:31 AM
    Seeing that no-one has answered...

    Like a lot of 'tunable' parameters - ClearOS comes with settings that are a good starting place. However, they may not be optimal for every system as there are so many variations in usage patterns that "no one size fits all". Hence to get the best it's a matter of understanding what each parameter does and how to measure and adjust if necessary.

    As usual, a google search on such a general question will provide much more information than anybody on these forums, including me :-), would be prepared to type. Two examples in this case are

    http://www.wenzk.com/archives/417 and http://timanovsky.wordpress.com/2009/04/10/tuning-linux-firewall-connection-tracker-ip_conntrack/

    So the answer to your question depends on the number of simultaneous connections your system has to deal with. If the number is very large, then the ClearOS defaults might not be big enough. The second url shows clearly how to check how much table space you are using, and also explains how to increase the limit if required...

    Update... so why not make the default bigger to start with? Well, like a lot of parameters - making it larger eats more memory - so why make a table far too big and chew up memory that will never be used and increase the likelihood of swapping? That memory could be better utilized as a cache or ??? That is why tuning is so important to get the best from any system.
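The last answer's advice to check how much table space is in use before raising the limit can be scripted as below. This is an added example, not part of any post in the thread. It assumes the values in question are the connection-tracking counters under `/proc/sys/net/netfilter` (`ip_conntrack_*` names on older kernels); the function name and the 70%/90% thresholds are hypothetical choices.

```shell
#!/bin/sh
# Added example: report how full the netfilter connection-tracking table is.
# Assumption: counters are nf_conntrack_count / nf_conntrack_max in
# /proc/sys/net/netfilter; older kernels use ip_conntrack_* names under
# /proc/sys/net/ipv4/netfilter, so both prefixes are tried.

# conntrack_usage [DIR] [WARN_PCT] [CRIT_PCT]
# Prints "count max percent status".
# Returns 0 = ok, 1 = warn, 2 = critical, 3 = counters missing or invalid.
conntrack_usage() {
    dir=${1:-/proc/sys/net/netfilter}
    warn=${2:-70}   # hypothetical thresholds, adjust for your site
    crit=${3:-90}
    prefix=
    for p in nf ip; do
        if [ -r "$dir/${p}_conntrack_count" ] && [ -r "$dir/${p}_conntrack_max" ]; then
            prefix=$p
            break
        fi
    done
    if [ -z "$prefix" ]; then
        echo "conntrack counters not found in $dir" >&2
        return 3
    fi
    count=$(cat "$dir/${prefix}_conntrack_count")
    max=$(cat "$dir/${prefix}_conntrack_max")
    # Reject empty or non-numeric values before doing arithmetic on them.
    for v in "$count" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "non-numeric counter in $dir" >&2; return 3 ;;
        esac
    done
    [ "$max" -gt 0 ] || { echo "conntrack max is zero" >&2; return 3; }
    pct=$((count * 100 / max))
    if [ "$pct" -ge "$crit" ]; then status=critical; rc=2
    elif [ "$pct" -ge "$warn" ]; then status=warn; rc=1
    else status=ok; rc=0
    fi
    echo "$count $max $pct $status"
    return $rc
}
```

Call `conntrack_usage` with no arguments on the firewall itself, sampling it during peak hours; a table that stays well below the warning threshold does not need a larger maximum and the memory that would cost.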