Hello list,

Besides connection limits, shouldn't it be possible to place the various subnet rules in a sort of balanced/optimized tree to decrease the access time? Are there tools available for that, that use e.g. the DROP log entries from an unbalanced list to optimize the tree (like Huffman encoding for data streams)? Can ipset do that?

Roman

--
Roman Fiedler
Safety & Security Department
Information Management & eHealth
AIT Austrian Institute of Technology GmbH
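The balanced-tree idea raised in the question, sketched as an added example (not part of the original message and not an existing netfilter or ipset tool): it turns a flat list of blocked subnets into nested iptables chains that split the address space by range, and simulates how many rules a packet traverses. The chain names (`BLK…`), function names, and hit counts are hypothetical; subnets are assumed non-overlapping, and the split is weight-balanced by log hits, which is simpler than actual Huffman coding.

```python
import ipaddress

# Constructed sample: (blocked subnet, DROP log hits). Documentation ranges only.
SAMPLE = [("192.0.2.0/26", 5), ("192.0.2.64/26", 1), ("192.0.2.128/25", 2),
          ("198.51.100.0/25", 900), ("198.51.100.128/25", 40),
          ("203.0.113.0/26", 3), ("203.0.113.64/26", 1), ("203.0.113.128/25", 8)]

def build(nets, chain, rules, leaf=2):
    """nets: sorted [(network, hits)]; appends (chain, match, lo, hi, target) tuples."""
    if len(nets) <= leaf:
        for net, _ in sorted(nets, key=lambda n: -n[1]):   # hottest subnet first
            rules.append((chain, f"-s {net}", net[0], net[-1], "DROP"))
        return
    # Weight-balanced split point; the +1 keeps the tree balanced without log data.
    total, run, cut = sum(h + 1 for _, h in nets), 0, 0
    while cut < len(nets) - 1 and 2 * run < total:
        run, cut = run + nets[cut][1] + 1, cut + 1
    parts = [(nets[:cut], chain + "0"), (nets[cut:], chain + "1")]
    parts.sort(key=lambda p: -sum(h for _, h in p[0]))     # hotter half first
    for part, sub in parts:
        lo, hi = part[0][0][0], part[-1][0][-1]            # first/last address covered
        rules.append((chain, f"-m iprange --src-range {lo}-{hi}", lo, hi, sub))
    for part, sub in parts:
        build(part, sub, rules, leaf)

def make_rules(weighted, root="BLK"):
    rules = []
    build(sorted((ipaddress.ip_network(n), h) for n, h in weighted), root, rules)
    return rules

def render(rules):
    """iptables commands: create every chain first, then append the rules."""
    chains = sorted({r[0] for r in rules})
    return ([f"iptables -N {c}" for c in chains] +
            [f"iptables -A {c} {m} -j {t}" for c, m, _, _, t in rules])

def rules_checked(rules, ip, chain="BLK"):
    """Simulate traversal: (rules evaluated, dropped?) for one source address."""
    ip, n = ipaddress.ip_address(ip), 0
    for _, _, lo, hi, target in (r for r in rules if r[0] == chain):
        n += 1
        if lo <= ip <= hi:
            if target == "DROP":
                return n, True
            more, dropped = rules_checked(rules, ip, target)
            n += more
            if dropped:
                return n, True
    return n, False
```

`render(make_rules(SAMPLE))` returns the command list; a source address that falls in a gap between listed subnets reaches the end of its sub-chain and returns to the parent, so it is not dropped.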