We've done some initial testing of the iprange patch and are thrilled with it. However, is it any more processing intensive to use an iprange match than to use the standard source or destination match, i.e., -s rather than -m iprange --iprange --src/dst-range? Thanks- John -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@xxxxxxxxxxxxx --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
