Hi the restore of a "bitmap:port" ipset with a lot of entries is *terrible* slow, when you add a port-range like 42000–42999 it ends in 999 "add PORTS_RESTRICTED" lines in the save-file and restore takes virtually ages the cpu-time below is the whole systemd-unit which restores iptables, ipset and configures the network with 3 nics, a bridge and wireguard why is this *that much* inefficient given that the original command with port ranges returns instantly? on a datacenter firewall that makes the difference of 5 seconds or 15 seconds downtime at reboot --------------------------- Name: PORTS_RESTRICTED Type: bitmap:port Header: range 1-55000 --------------------------- /usr/sbin/ipset -file /etc/sysconfig/ipset restore CPU: 9.594s - Number of entries: 5192 CPU: 6.246s - Number of entries: 3192 CPU: 1.511s - Number of entries: 53 --------------------------- 42000–42999 looks in /etc/sysconfig/ipset like below and frankly either that can be speeded up or should be saved as ranges wherever it's possible like hash:net prefers cidr add PORTS_RESTRICTED 42000 add PORTS_RESTRICTED 42001 add PORTS_RESTRICTED 42002 add PORTS_RESTRICTED 42003 add PORTS_RESTRICTED 42004 add PORTS_RESTRICTED 42005 add PORTS_RESTRICTED 42006 add PORTS_RESTRICTED 42007 add PORTS_RESTRICTED 42008 add PORTS_RESTRICTED 42009 add PORTS_RESTRICTED 42010 add PORTS_RESTRICTED 42011 add PORTS_RESTRICTED 42012 add PORTS_RESTRICTED 42013 add PORTS_RESTRICTED 42014 add PORTS_RESTRICTED 42015 add PORTS_RESTRICTED 42016 add PORTS_RESTRICTED 42017 add PORTS_RESTRICTED 42018 add PORTS_RESTRICTED 42019 add PORTS_RESTRICTED 42020 add PORTS_RESTRICTED 42021 add PORTS_RESTRICTED 42022 ---------------------------
