I have a whole bunch of IPs/CIDRs that I want to apply the rule to.
Is there any way to insert one rule where the -s would be able to look up a table (btree/hash/cdb, whatever) that contains those IPs/CIDRs instead of inserting a gazillion rules?
Yes, you can use either the ippool or the ipset extensions. ippool is capable of storing up to the number of IP addresses of a full B class network. ippool can store network addresses as well and supports random addresses/networks too.
Lovely.
When will ipset be available in 2.6?
I presume ippool is going to become obsolete?
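
Added example, not part of the original thread: a small generator that turns a list of IPs/CIDRs into input for `ipset restore`, so that a single iptables rule can match the whole list. It uses current ipset syntax (`hash:net`, `--match-set`), not necessarily the syntax available when this thread was written; the set name `srclist`, the `INPUT` chain and the `DROP` target are assumptions, and the sample addresses are constructed.

```python
import ipaddress

def build_ipset_restore(entries, set_name="srclist"):
    """Return (restore_text, rejected) for a list of IPv4 addresses/CIDRs.

    Feed restore_text to `ipset -exist restore` (assumed set name: srclist).
    """
    nets, rejected = [], []
    for raw in entries:
        item = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not item:
            continue
        try:
            # strict=False masks host bits (203.0.113.9/24 -> 203.0.113.0/24),
            # which is also what ipset does with such an entry.
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.version != 4:                  # this set is created as family inet
            rejected.append(raw)
            continue
        nets.append(net)
    # Merge duplicates, contained hosts and adjacent networks into fewer entries.
    merged = list(ipaddress.collapse_addresses(nets))
    maxelem = max(65536, len(merged))
    lines = [f"create {set_name} hash:net family inet maxelem {maxelem}"]
    lines += [f"add {set_name} {net}" for net in merged]
    return "\n".join(lines) + "\n", rejected

def single_rule(set_name="srclist", chain="INPUT", target="DROP"):
    """The one rule that replaces a -s rule per address (chain/target assumed)."""
    return f"iptables -A {chain} -m set --match-set {set_name} src -j {target}"

# Constructed sample input (documentation address ranges).
SAMPLE = [
    "192.0.2.7",            # single host, covered by the /24 below
    "192.0.2.0/24",
    "198.51.100.0/25",      # these two halves merge into one /24
    "198.51.100.128/25",
    "203.0.113.9/24",       # host bits set, gets masked
    "not-an-ip",            # rejected
    "2001:db8::/32",        # rejected: IPv6 in an inet set
]

if __name__ == "__main__":
    text, bad = build_ipset_restore(SAMPLE)
    print(text, end="")
    print(single_rule())
    print("rejected:", bad)
```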