---------- Forwarded message ----------
From: Mistick Levi <gmistick@xxxxxxxxx>
Date: 2010/5/12
Subject: Re: iptable how many rule can manage iptable
To: Mamadou Touré <e2ia.ci@xxxxxxxxx>
Cc: netfilter@xxxxxxxxxxxxxxx

Hi,

You could use the hosts files (/etc/hosts.deny .. hosts.allow) in order to do so. I'm not sure which will be the greater performance penalty, setting tons of rules or the hosts file, because after you edit the hosts file, every DNS query will go through this long list before going out to the DNS server... Put it to the test?

2010/5/12 Jan Engelhardt <jengelh@xxxxxxxxxx>
>
> On Wednesday 2010-05-12 20:05, Mamadou Touré wrote:
>
> >Hi, thank you for your reply.
> >How could I evaluate the quantity of memory?
> >For example, for 1 000 000 rules, what quantity should I have at least?
>
> If you use `iptables -vvS`, you see:
>
> libiptc vlibxtables.so.4. 5332 bytes.
>
> Which is the size of the current table. Multiply that by NR_CPUS
> (from /proc/config) to get what it's taking up (we're on to reducing
> that).
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html