On 24/03/2020 18:26, Jerry Geis wrote:
it looks like it does work - it just takes a REAL long time to load with "many" entries in the file. iptables was never slow. firewalld seems inefficient. I was able to add the line - restart the firewall, (wait) - see my packets dropped - remove the line - restart the firewall (wait) and able to ping again. I thought this "Direct.xml" file would be the fastest way for firewalld - but there is multi-minute wait to restart. I have about 14000 entries.
I would think ipset would be a more suitable tool for the task in hand which can do the task instantly if you create and update a copy of your set and then swap the sets.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
