The geoip target uses a bisection search, so the US database's
19000-something entries are testable in roughly 15 steps.
Since it does not need any extra structures, it only takes as much
kernel memory as the .iv0 file on disk.
I was much more interested in the performance of xtables/geoip vs ipset
rather than how much memory it uses.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
