Hi there,

On Sat, 19 Apr 2008, Jesse Harris wrote:

> Recently I have needed to block a large list of ip address ranges.
> Firstly, I'm not sure if iptables is really suited to this, I don't
> know how long it takes for a packet to be parsed down a very long list
> of chains.

I wouldn't use long lists of iptables rules for this, I'd use ipsets.

> Has anyone used iptables in this way before?
> PS, there are about 2033 ip ranges to be blocked.

Using ipsets I routinely block 40,000+ networks (mostly /24) on very
modest hardware.

--
73,
Ged.
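The ipset approach recommended in the reply above, as an added example that is not part of the original message: a filter that turns a list of CIDR networks into `ipset restore` input, so the whole blocklist sits behind one iptables rule. It uses current ipset syntax; the set name `blocklist`, the function names and the sample networks (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from a blocklist of CIDR networks.
SET_NAME="blocklist"   # hypothetical set name

# Read one network per line on stdin, write ipset restore commands to stdout.
# Comments and blank lines are dropped, duplicates are collapsed, and
# malformed entries are reported on stderr instead of aborting the load.
gen_restore() {
    awk -v set="$SET_NAME" '
    function valid(net,    p, o, i) {
        if (split(net, p, "/") != 2) return 0
        # hash:net accepts prefix lengths 1-32 for IPv4
        if (p[2] !~ /^[0-9]+$/ || p[2] < 1 || p[2] > 32) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
        return 1
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !valid($0) { print "skipping malformed entry: " $0 > "/dev/stderr"; next }
    !seen[$0]++ { nets[++n] = $0 }
    END {
        # Raise maxelem above the 65536 default only when the list needs it.
        printf "create %s hash:net family inet maxelem %d\n", set, (n > 65536 ? n : 65536)
        printf "flush %s\n", set
        for (i = 1; i <= n; i++) printf "add %s %s\n", set, nets[i]
    }'
}

# Constructed sample input: a duplicate, a bad octet and a missing prefix.
sample_list() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/24
192.0.2.0/24
999.1.1.0/24
10.0.0.0
EOF
}

# Load the set and reference it from a single rule (root, ipset installed):
#   gen_restore < networks.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

Because the rule matches against a hashed set rather than a chain of per-network rules, adding or removing networks later only touches the set, not the ruleset.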