Hi!

I am trying to make use of a large number of rules with iptables. I have seen there are some optimizations referenced, like nf-HiPAC (www.hipac.org) and iptables with classifiers (www.geocities.com/hamidreza_jm), which apparently can deal with thousands of rules (that's what I need).

I want per-flow (orig addr, dst addr, orig port, dst port, proto) filtering; that's why I don't think I can use ipsets (or can I?). I also would like to have the nice iptables features like the mangle table and counters.

I don't really understand what the conntrack does, or if it can somehow help me (where is the nice documentation about this??).

What is the netfilter preferred way to have a large set of rules and still do packet filtering? Are HiPAC, iptables with classifiers or any other solution actual? Is there a howto, manual, some kind of documentation? All that I find about this is quite old (3 years?) material in the mailing list ...

Is this problem already solved? What was the solution taken?

Well, if you could answer any of these questions I would be very thankful.

Alberto Diez