I have installed FWBuilder 2.03 on Win2003 Server, and fwbuilder.exe is using 100% CPU during change & save, and ipt_fwb is using 100% CPU during compile. This is a big problem when I compile a ruleset w/shadow that takes 25 minutes. Any hints?
Perhaps you have a large policy with lots of objects. Detecting rule shadowing takes a while when the compiler needs to go over thousands of combinations of objects in source, destination and service. Why did you install it on the server?
Yes, we have a lot of objects and at the moment 122 rules in Global + about 25 NAT. The reason to have it on a Win2003 Terminalserver is that more than one person is managing the firewalls. Fwbuilder is the best tool to manage iptables and not everybody likes X, sorry ;-)
You could install it on the workstations your administrators use rather than on the server. Currently the only way to speed up compilation is to simplify rules or turn shadowing detection off. I'll try to look at ways to improve performance once 2.0.4 is released, but I am afraid it is going to be difficult.
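
The combination-by-combination comparison mentioned in the reply above, sketched as an added example that is not part of the thread and is not Firewall Builder's own code. The rule format, the function names and the sample policy are constructed for illustration; the returned comparison count shows why the cost grows with the number of objects in each rule element.

```python
import ipaddress
from itertools import product

def atoms(rule):
    """Expand a rule into atomic (src, dst, service) tuples, one object per element."""
    return list(product(rule["src"], rule["dst"], rule["svc"]))

def covers(a, b):
    """True when atomic tuple a matches every packet that atomic tuple b matches."""
    (asrc, adst, asvc), (bsrc, bdst, bsvc) = a, b
    net = ipaddress.ip_network
    svc_ok = asvc == "any" or asvc == bsvc
    return net(bsrc).subnet_of(net(asrc)) and net(bdst).subnet_of(net(adst)) and svc_ok

def find_shadowed(rules):
    """Return ([(shadowed_rule, shadowing_rule)], atomic comparisons performed).

    Simplification: only shadowing by one single earlier rule is detected,
    not shadowing by the union of several earlier rules.
    """
    found, comparisons = [], 0
    expanded = [(r["name"], atoms(r)) for r in rules]
    for i, (later_name, later_atoms) in enumerate(expanded):
        for earlier_name, earlier_atoms in expanded[:i]:
            all_covered = True
            for b in later_atoms:
                hit = False
                for a in earlier_atoms:
                    comparisons += 1
                    if covers(a, b):
                        hit = True
                        break
                if not hit:
                    all_covered = False
                    break
            if all_covered:
                found.append((later_name, earlier_name))
                break
    return found, comparisons

# Constructed sample policy, evaluated top to bottom like an iptables chain.
RULES = [
    {"name": "r0", "src": ["10.0.0.0/8"],
     "dst": ["192.168.1.0/24", "192.168.2.0/24"], "svc": ["tcp/22", "tcp/443"]},
    {"name": "r1", "src": ["10.1.0.0/16", "10.2.0.0/16"],
     "dst": ["192.168.1.10/32"], "svc": ["tcp/22"]},
    {"name": "r2", "src": ["10.1.0.0/16"], "dst": ["192.168.3.0/24"], "svc": ["tcp/22"]},
]

if __name__ == "__main__":
    print(find_shadowed(RULES))
```

Rule r1 can never match because r0 already takes all of its traffic; r2 is not shadowed, yet it still costs a full pass over every earlier atomic tuple, which is the expensive case in a large policy.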