On Sun, 2 Jan 2005, Brian Gunlogson wrote:

> What is a reasonable way to match around 80000 IP ranges with iptables?

If those are truly IP ranges, then there's no easy way - maybe nf-hipac can help you.

If the ranges are really CIDR blocks, then ipset can help you: for same-sized CIDR blocks, you can use it immediately and can collapse the matching against the 80000 CIDR blocks practically into a single match. If you have got different sized CIDR blocks, then a new maptype of ipset could be written to support it.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
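Added example, not part of the original message and not code from ipset or nf-hipac: a Python sketch of the distinction drawn in the reply. It converts arbitrary start-end ranges into CIDR blocks and buckets them by prefix length, so each bucket holds same-sized blocks of the kind the reply says ipset can match at once. The sample ranges are constructed and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: inclusive start-end ranges (documentation address space).
SAMPLE_RANGES = [
    ("192.0.2.0", "192.0.2.127"),       # lower half of a /24
    ("192.0.2.128", "192.0.2.255"),     # upper half; merges with the line above
    ("198.51.100.0", "198.51.100.255"), # exactly one /24
    ("203.0.113.16", "203.0.113.31"),   # exactly one /28
    ("203.0.113.5", "203.0.113.10"),    # not CIDR-aligned: splits into several blocks
]

def ranges_to_cidrs(ranges):
    """Return the minimal sorted list of CIDR blocks covering all ranges."""
    nets = []
    for start, end in ranges:
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        if first > last:
            raise ValueError(f"range start {start} is after end {end}")
        # A range that is not aligned to a power of two yields several blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping blocks produced by different ranges.
    return list(ipaddress.collapse_addresses(nets))

def bucket_by_prefix(nets):
    """Group blocks by prefix length; each bucket is one same-sized set."""
    buckets = defaultdict(list)
    for net in nets:
        buckets[net.prefixlen].append(net)
    return dict(sorted(buckets.items()))

if __name__ == "__main__":
    cidrs = ranges_to_cidrs(SAMPLE_RANGES)
    for prefixlen, members in bucket_by_prefix(cidrs).items():
        # One same-sized set per prefix length, instead of one rule per block.
        print(f"/{prefixlen}: {len(members)} block(s):",
              ", ".join(str(m) for m in members))
```
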