In nftables, I'd like to apply a rule or set of rules to a very large number of IP addresses and subnets and looking for the recommended best practices for that: Should I make a new chain with one address or subnet per rule, should I use a dictionary, or should I try using a set, or does it matter? The list would be read at boot but not usually updated much between boots. Which method would operate most efficiently once the addresses and subnets are loaded? /Lars
