Performance Evaluation and Modelling of the Linux Firewall Under Stress Test

  • Nikita Gandotra
  • Lalit Sen Sharma
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 597)


Iptables is the stateful packet-filtering firewall in Linux; it inspects ingress and egress traffic and filters it according to rules, i.e. match conditions predetermined by the network administrator. This paper investigates the performance of Iptables with rule sets of different sizes (200, 500, 1000, 5000 and 10,000 rules) under high traffic rates sustained for different durations. An experimental set-up is established to evaluate Iptables under stress by varying the packet rate from 1000 to 8000 PPS and the test duration from 30 to 120 s. Performance is recorded on key parameters: CPU utilisation, response rate, packets dropped, packet processing time, throughput and bandwidth. These parameters reflect how sensitive the firewall is to high rates of network traffic. ClassBench is used to generate rule sets of different sizes that imitate real-life rule sets, and the network traffic is generated with DITG, a traffic-generating tool. Finally, a mathematical model is developed that estimates the firewall's performance in different traffic scenarios; the proposed model is validated on the real test bed and shows less than 10% relative error.
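The study loads rule sets of several fixed sizes and measures how Iptables copes with traffic that has to traverse them. The script below is an added example, not code from the paper or its authors: it emits an iptables-restore file containing N constructed filter rules in a dedicated chain (the chain name STRESS, the 10.0.0.0/8 source ranges and the port spread are assumptions standing in for a ClassBench-generated set), so that each rule-set size used in the study can be loaded atomically before a traffic run.

```shell
#!/bin/sh
# Added example: generate an iptables-restore file with N synthetic rules.
# Not the paper's own tooling; the chain name, addresses and ports are
# constructed placeholders for a ClassBench-generated rule set.
gen_rules() {
    n="$1"
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':STRESS - [0:0]'          # dedicated chain holding the N test rules
    echo '-A FORWARD -j STRESS'     # forwarded packets traverse the test chain
    i=1
    while [ "$i" -le "$n" ]; do
        # Deterministic but spread-out source /24 and destination port per rule.
        # Traffic that matches none of them (e.g. a destination port above 61024)
        # walks the whole chain, which is the worst case for packet processing time.
        b=$(( (i * 7) % 256 ))
        c=$(( (i * 13) % 256 ))
        p=$(( 1024 + (i * 31) % 60000 ))
        if [ $(( i % 2 )) -eq 0 ]; then t=ACCEPT; else t=DROP; fi
        echo "-A STRESS -p tcp -s 10.$b.$c.0/24 --dport $p -j $t"
        i=$(( i + 1 ))
    done
    echo 'COMMIT'
}

# Default run: print a 200-rule set; set RULES=5000 etc. for the other sizes.
gen_rules "${RULES:-200}"
```

Redirect the output to a file and load it with `iptables-restore` on the device under test; `iptables -vnL STRESS` then shows per-rule packet and byte counters, which, together with the sender and receiver logs of the traffic generator, give the dropped-packet and throughput figures for each rule-set size and packet rate.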


Keywords: Iptables, Netfilter, DITG, Rule set, ClassBench, Packet rate



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of Computer Science & IT, University of Jammu, Jammu, India
