On Tuesday 09 August 2005 18:53, panca sorin wrote:
> I have about 1650 preferred destination networks listed in some file. The
> script reads this file and marks every package for those networks with
> the mark value of 1.

If you have a lot of IPs in this list, a hashed approach might work faster.
See LARTC Howto, 12.4 Hashing filters. Although it describes tc filters, the
approach should be similar for iptables.

Furthermore, using CONNMARK might speed things up. With it, you can skip
testing packets of connections that already matched (and, if used right, you
can also skip packets of connections that don't match as well).

There are also patches that allow bitwise modification of mark values. You can
get this stuff from www.netfilter.org; the patches are in pom-ng.

HTH
Andreas
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
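
The CONNMARK approach suggested in the reply above, as an added example that is not part of the original message: a generator that turns the network list into an iptables-restore ruleset in which only the first packet of each connection walks the list. The chain names PREFDST and PREFHIT, the use of mark 2 for "checked, not preferred", and the mangle/PREROUTING hook are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: chains PREFDST and
# PREFHIT; mark 1 = preferred destination (as in the question), mark 2 =
# connection already checked and not preferred; rules hook mangle/PREROUTING.

gen_rules() {
    nets_file=$1
    # Fixed head of the ruleset:
    #  - restore the connection's saved mark onto every packet,
    #  - send only still-unmarked packets (new connections) through the list,
    #  - PREFHIT marks the packet, saves the mark on the connection and stops.
    printf '%s\n' \
        '*mangle' \
        ':PREFDST - [0:0]' \
        ':PREFHIT - [0:0]' \
        '-A PREROUTING -j CONNMARK --restore-mark' \
        '-A PREROUTING -m mark --mark 0 -j PREFDST' \
        '-A PREFHIT -j MARK --set-mark 1' \
        '-A PREFHIT -j CONNMARK --save-mark' \
        '-A PREFHIT -j ACCEPT'
    # One rule per listed network. Entries are filtered by character class
    # (digits, dots, slash) so a stray line cannot smuggle extra rule text
    # into the ruleset; this is not a full CIDR syntax check.
    while read -r net rest || [ -n "$net" ]; do
        case $net in
            ''|'#'*) continue ;;
            *[!0-9./]*) echo "skipping invalid entry: $net" >&2; continue ;;
        esac
        printf '%s\n' "-A PREFDST -d $net -j PREFHIT"
    done < "$nets_file"
    # Fell through the whole list: remember that on the connection too, so
    # later packets of non-matching connections also skip the list.
    printf '%s\n' \
        '-A PREFDST -j MARK --set-mark 2' \
        '-A PREFDST -j CONNMARK --save-mark' \
        'COMMIT'
}

# Stand-alone use: ./gen.sh networks.txt > mangle.rules
if [ $# -gt 0 ]; then
    gen_rules "$1"
fi
```

Loading the output with `iptables-restore` replaces the existing mangle table unless `--noflush` is given, so review the generated file before applying it.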