> There have been a few changes regarding insertion speed. Even if one
> has 500 rules (see that URL), they can probably be optimized using
> IPMARK or chaintrees.

I was thinking more along the lines of >100k rules. Iptables can easily
handle those numbers at the moment, it's just a bit awkward to deal with.

By chaintrees I presume you mean trees of iptables chains and not some
sort of tool named this way?

> Also, one should use iptables-restore for
> updates, at least when changing more than one rule in a go. Lots of
> people fail to actually use it.

To be sure, but I am also interested in improving the time required to
find the correct chain given 1000s or 10000s of ip-to-chain mappings,
and of course the usability of a construct like that.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
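The two ideas the exchange above touches on, a tree of iptables chains keyed on address prefix and loading the whole thing through iptables-restore in one go, combined in an added example that is not part of the thread and not a netfilter tool: a shell function that turns an "ip target_chain" mapping list into a two-level chain tree (one chain per /8, one per /16 underneath) in iptables-restore format. The root chain name CHAINTREE, the T_<o1> and T_<o1>_<o2> naming, the input format and the sample mapping are assumptions made here for illustration; the target chains (CUST_A, CUST_B) are assumed to exist already and are deliberately not declared, since iptables-restore flushes every chain it declares.

```shell
#!/bin/sh
# Added example, not from the thread: build a two-level tree of iptables
# chains (first octet, then /16) from an "ip target_chain" mapping list and
# emit it in iptables-restore format, so the whole tree is replaced in one
# bulk load instead of thousands of individual iptables calls.
# Chain names (CHAINTREE, T_<o1>, T_<o1>_<o2>) and the input format are
# assumptions made for this example.

# gen_chaintree: reads "ipv4 target_chain" pairs on stdin, writes an
# iptables-restore ruleset for the filter table on stdout.
# Target chains are NOT declared here: declaring a chain makes
# iptables-restore flush it, and the targets are assumed to exist already.
gen_chaintree() {
    awk '
    NF == 2 {
        ip = $1; target = $2
        split(ip, o, ".")
        l1 = "T_" o[1]                  # first-level chain: one per /8
        l2 = "T_" o[1] "_" o[2]         # second-level chain: one per /16
        if (!(l1 in seen1)) {
            seen1[l1] = 1; order1[n1++] = l1
            net1[l1] = o[1] ".0.0.0/8"
        }
        if (!(l2 in seen2)) {
            seen2[l2] = 1; order2[n2++] = l2
            parent[l2] = l1; net2[l2] = o[1] "." o[2] ".0.0/16"
        }
        # leaf rule: exact host match, jump to the per-target chain
        leaf[l2] = leaf[l2] "-A " l2 " -s " ip "/32 -j " target "\n"
    }
    END {
        print "*filter"
        # declare the tree chains first; restore (re)creates and flushes them
        print ":CHAINTREE - [0:0]"
        for (i = 0; i < n1; i++) print ":" order1[i] " - [0:0]"
        for (i = 0; i < n2; i++) print ":" order2[i] " - [0:0]"
        # root -> /8 chains
        for (i = 0; i < n1; i++)
            print "-A CHAINTREE -s " net1[order1[i]] " -j " order1[i]
        # /8 chains -> /16 chains
        for (i = 0; i < n2; i++)
            print "-A " parent[order2[i]] " -s " net2[order2[i]] " -j " order2[i]
        # /16 chains -> host rules
        for (i = 0; i < n2; i++) printf "%s", leaf[order2[i]]
        print "COMMIT"
    }'
}

# count_rules: number of -A lines in a generated ruleset, to compare the
# tree against the flat list it replaces
count_rules() {
    grep -c '^-A '
}

# sample_mapping: constructed sample input, not real data
sample_mapping() {
    printf '%s\n' \
        '10.1.2.3 CUST_A' \
        '10.1.9.9 CUST_B' \
        '10.7.0.5 CUST_A' \
        '192.168.0.1 CUST_B'
}

# Typical use (not run here):
#   sample_mapping | gen_chaintree | iptables-restore --noflush
```

Loading with `iptables-restore --noflush` replaces only the chains the file declares and leaves the rest of the filter table, including the undeclared target chains, untouched; a single `-j CHAINTREE` from INPUT or FORWARD is added once by hand. A packet then traverses at most one rule per /8 present in the tree, one per /16 under its /8, and the host rules of its own /16, rather than every host rule in a flat chain, which is the lookup-time saving the reply above is after.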