Iptables is really just the userspace front-end for the Linux firewall, which is netfilter. Netfilter is really a system of hooks in the kernel around packet processing. Each packet is processed by the kernel by triggering an interrupt. Whether your kernel balances interrupts across multiple CPUs depends on how old it is. See this thread on StackOverflow about it: https://stackoverflow.com/questions/7467688/netfilter-hooks-on-multi-core-system
As Nils mentioned, these interrupts wouldn't be balanced on a per-packet basis. They'd be balanced per IRQ (per interface) or possibly moved altogether to a different CPU if one became too busy.
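The per-IRQ placement described above can be checked from the counters in `/proc/interrupts`. The following is an added example, not part of the original answer; the sample table and the `eth` interface-name prefix are constructed assumptions.

```python
# Constructed sample in the /proc/interrupts layout (4 CPUs); not from a real host.
SAMPLE = """\
           CPU0       CPU1       CPU2       CPU3
 24:    9812345          0         12          0   PCI-MSI 524288-edge      eth0-rx-0
 25:          7    8745120          0          0   PCI-MSI 524289-edge      eth0-rx-1
 26:          0          3    9120877          0   PCI-MSI 524290-edge      eth0-tx-0
 27:    4410233          0          0          0   PCI-MSI 1048576-edge      eth1
NMI:          2          1          1          1   Non-maskable interrupts
ERR:          0
"""

def parse_interrupts(text):
    """Return {irq_label: (per_cpu_counts, description)} for full-width rows."""
    lines = text.splitlines()
    ncpu = len(lines[0].split())          # header row names one column per CPU
    rows = {}
    for line in lines[1:]:
        label, _, rest = line.partition(":")
        fields = rest.split()
        # Rows such as ERR: carry a single counter, not one per CPU; skip them.
        if len(fields) < ncpu or not all(f.isdigit() for f in fields[:ncpu]):
            continue
        rows[label.strip()] = ([int(f) for f in fields[:ncpu]],
                               " ".join(fields[ncpu:]))
    return rows

def nic_irq_placement(text, prefixes=("eth",)):
    """List (irq, device, busiest_cpu, share) per NIC IRQ; prefixes is an assumption."""
    placement = []
    for irq, (counts, desc) in parse_interrupts(text).items():
        device = desc.split()[-1] if desc else ""
        total = sum(counts)
        if not device.startswith(prefixes) or total == 0:
            continue
        cpu = max(range(len(counts)), key=counts.__getitem__)
        placement.append((irq, device, cpu, counts[cpu] / total))
    return placement

def nic_load_per_cpu(text, prefixes=("eth",)):
    """Sum NIC interrupt counts per CPU to show how packet work is spread."""
    nic = [c for c, d in parse_interrupts(text).values()
           if d and d.split()[-1].startswith(prefixes)]
    return [sum(col) for col in zip(*nic)]

if __name__ == "__main__":
    for irq, dev, cpu, share in nic_irq_placement(SAMPLE):
        print(f"IRQ {irq:>3} {dev:<10} -> CPU{cpu} ({share:.1%} of its interrupts)")
    print("NIC interrupts per CPU:", nic_load_per_cpu(SAMPLE))
```

On a live host, pass the contents of `/proc/interrupts` instead of `SAMPLE`; a NIC IRQ whose share on one CPU stays near 100% is pinned there rather than spread per packet.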