On Tuesday 2013-01-15 07:32, 叶雨飞 wrote:
>Hi,
>
>Does anyone here have experience with connlimit performance? I am
>trying to use it to limit connections per dest IP (about 1K of them)
>on a 100Mbps firewall (without only about 70k connections), and as
>soon as I put this rule in, CPU usage skyrockets.

connlimit uses a fixed hash table of 256 buckets and is thus a lot less optimal than hashlimit's default table size of 4096 buckets (assuming a machine with >= 1 GB RAM and a 64-bit kernel).
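
The effect of bucket count on chain length for the workload in the question, as an added illustration that is not code from this thread or from the kernel. It assumes the table is keyed by the limited address, that the 70k connections are spread evenly over the 1K destinations, and it uses a stand-in hash (`mix`) rather than the kernel's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DEST_IPS     1000  /* "about 1K" destination addresses (from the post) */
#define CONNS_PER_IP 70    /* assumption: ~70k connections, spread evenly */

/* Stand-in integer mixer; NOT the kernel's hash function. */
static uint32_t mix(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Total number of connection entries stored in the table. */
static unsigned long total_entries(void)
{
    return (unsigned long)DEST_IPS * CONNS_PER_IP;
}

/*
 * Mean number of chain entries walked per lookup when the table has
 * `buckets` chains (must be a power of two). Model: every connection to an
 * address is stored in that address's bucket, and a lookup for the address
 * walks the whole chain, including entries of other addresses that collide.
 */
static double mean_chain_walk(unsigned buckets)
{
    unsigned long *len = calloc(buckets, sizeof(*len));
    double walked = 0.0;

    if (!len)
        return -1.0;
    for (uint32_t i = 0; i < DEST_IPS; i++)   /* constructed keys: 10.0.0.0 + i */
        len[mix(0x0a000000U + i) & (buckets - 1)] += CONNS_PER_IP;
    /* each of the len[b] connections in chain b causes a walk of len[b] entries */
    for (unsigned b = 0; b < buckets; b++)
        walked += (double)len[b] * (double)len[b];
    free(len);
    return walked / (double)total_entries();
}

int main(void)
{
    printf("256 buckets:  %.1f entries walked per lookup\n", mean_chain_walk(256));
    printf("4096 buckets: %.1f entries walked per lookup\n", mean_chain_walk(4096));
    return 0;
}
```

With 256 buckets several destinations share every chain, so a lookup walks at least 70000/256 entries on average; with 4096 buckets most destinations get a chain of their own and the walk approaches the per-destination connection count.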