On Tue, 2008-05-13 at 09:59 +0300, Eli Hadad wrote:
> Hi all,
>
> I am new to iptables and have a few questions I hope you can help with:
> 1. Is there a limit to the number of rules I can add to a specific chain?
> I need to have around 20000 rules.
> 2. What are the performance implications of using this large number of
> rules? Are there any numbers people can share?
> 3. I also saw the HIPAC project, which claims to have much better
> performance. Is there any work done to integrate the same type of
> functionality into iptables?

Google: hipac ipset

Look at the first pdf link. It talks about performance and netfilter. It also addresses HIPAC and ipset.

I would say that you want to look at ipset.

Cheers,

--
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot lose.
-Jim Elliot