Anytime you can use chains to jump from and not have to go through a massive list, it's a good thing... I'd take the latter option.

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

On Fri, Mar 5, 2010 at 8:17 AM, Dennis J. <dennisml@xxxxxxxxxxxx> wrote:
> Hi,
> I'm wondering what the most efficient way to implement a blocklist is. We
> are basically talking about blocking a few thousand IPs. Does iptables do
> some internal optimizations when blocking based on a source address or would
> it be better to, say, create a chain for each class A net (e.g. 83.0.0.0/8)
> and then add the IPs in that range to that class to make the matching more
> efficient?
>
> Regards,
> Dennis
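
The per-/8 chain layout discussed in this thread, as an added example that is not part of the original messages: a shell function that turns a flat address list into iptables-restore input, with one jump rule per populated /8 and the individual DROP rules inside that /8's chain. The chain names BLOCKLIST and BL_<octet> and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Chain names BLOCKLIST and BL_<octet>
# are assumptions made for this illustration.
#
# gen_blocklist: read one IPv4 address per line on stdin and print
# iptables-restore input that buckets the addresses into one chain per /8.
gen_blocklist() {
    awk -F. '
        # True when the line is a dotted quad with every octet in 0..255.
        function valid(   i) {
            if (NF != 4) return 0
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) return 0
            return 1
        }
        { gsub(/[ \t\r]/, "") }          # drop stray whitespace and CRs
        valid() {
            a = $1 + 0                   # first octet selects the bucket
            ip = a "." ($2 + 0) "." ($3 + 0) "." ($4 + 0)
            if (ip in dup) next          # ignore duplicate entries
            dup[ip] = 1
            if (!(a in rules)) order[++n] = a
            rules[a] = rules[a] "-A BL_" a " -s " ip "/32 -j DROP\n"
        }
        END {
            print "*filter"
            print ":BLOCKLIST - [0:0]"
            for (i = 1; i <= n; i++) print ":BL_" order[i] " - [0:0]"
            # One jump per populated /8; other packets fall through.
            for (i = 1; i <= n; i++)
                print "-A BLOCKLIST -s " order[i] ".0.0.0/8 -j BL_" order[i]
            for (i = 1; i <= n; i++) printf "%s", rules[order[i]]
            print "COMMIT"
        }'
}

# Constructed sample input (documentation address ranges), printed as a ruleset.
printf '192.0.2.10\n198.51.100.7\n198.51.100.8\n203.0.113.5\n' | gen_blocklist
```

Load the output with `iptables-restore --noflush` so the rest of the filter table is kept. Nothing reaches BLOCKLIST until a jump to it is added from INPUT or FORWARD.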