[pve-devel] Creating of a 2nd blacklist with many blocked IPs

Dmitry Petuhov mityapetuhov at gmail.com
Mon Oct 27 14:54:52 CET 2014


27.10.2014 16:15, Cesar Peschiera wrote:
> @Dmitry:
> Excuse me please, I did not express myself properly. What I meant is that with
> 130.000 IP addresses and 1 rule in iptables, this rule will check 130.000 IP
> addresses, and in this case, I believe that this firewall will be very slow
> because for each network packet, iptables will check a lot of IP
> addresses. It is for this reason that other developers created this
> "Xtables-Addons" for iptables.
You're wrong. This is not how ipset works. With 10 or 10.000 addresses in
the set, the match speed is almost the same.
BTW, ipset was one of the xtables-addons long ago...
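
The setup discussed in this thread, one hash:ip set consulted by a single iptables rule, sketched as an added example that is not part of the original message. The set name `blacklist2`, the helper functions and the sample addresses are assumptions made for illustration; the script only prints the `ipset restore` input and the rule, it does not apply them.

```shell
# Added example. SET_NAME, the helper names and the sample addresses are
# assumptions made for illustration; nothing here touches the firewall.
SET_NAME="blacklist2"

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ipset's default maxelem is 65536, so a 130.000-entry list must raise it.
maxelem_for() {
    m=65536
    while [ "$m" -lt "$1" ]; do m=$((m * 2)); done
    printf '%s\n' "$m"
}

# Read one address per line on stdin and print `ipset restore` input:
# invalid lines are dropped, duplicates collapsed, maxelem sized to fit.
build_restore() {
    valid=$(while IFS= read -r line; do
                is_ipv4 "$line" && printf '%s\n' "$line"
            done | sort -u)
    count=$(printf '%s\n' "$valid" | grep -c . || true)
    printf 'create %s hash:ip family inet maxelem %s\n' "$SET_NAME" "$(maxelem_for "$count")"
    [ "$count" -gt 0 ] && printf '%s\n' "$valid" | sed "s/^/add $SET_NAME /"
    return 0
}

# The single rule that consults the set, however many entries it holds.
drop_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
}

# Constructed sample input: documentation ranges, one duplicate, two bad lines.
sample_list() {
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 999.1.1.1 not-an-ip 203.0.113.200
}

sample_list | build_restore    # as root: ... | ipset restore
drop_rule
```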




