Regarding the performance of iptables rule lookup for matching inside the kernel: are there any plans to improve the behaviour, or no plans in this area yet?

For example, on the transit gateway I have ~500 rules which mark the packet according to the client source IP, with a unique mark per client IP. So I have 500 unique marks there, and so cannot use IPSET, only IPTABLES. But it's known that iptables insert/lookup is very slow on huge rulesets (at least with iptables 1.3.x), and the slowness progresses approximately exponentially as the number of rules grows.

Am I missing anything?