* Mike Ireton (mike-netfilter@xxxxxxxxxxxxxxxxxx) wrote:
> My question for the iptables hackers is - am I being silly by trying to
> perform accounting this way, and does netfilter already implement efficient
> internal hashing that destroys my presumption about a long list of rules
> resulting in linear table lookups? I would assume that netfilter does hash
> where it can, but filtering rules have a second key to worry about -
> namely, their order in the list is relevant, which makes me think
> netfilter would have to do the linear lookup.

As it turns out you're not alone in wanting to do things along those
lines. Someone actually modified my ipt_recent module to track
accounting information per-IP address. There's a 'new' ippool out
there for which a mini-module which did this could probably be written.
I'm afraid the existing iptables setup would be slow if you tried to do
it in the way you're describing, especially since you'd have to do it
for every packet. What's your time frame for needing something?

Stephen