Re: Using iptables and ipset to DROP a list of 2 million addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-04-11 14:39, Mason Kaufer wrote:
Hi,
I am currently trying to set up a firewall on an Ubuntu 22.04 machine
that will block a list of 2 million plus ip addresses without slowing
the network speed down tremendously. I have tried using ipset but I
get an error that the hash size isn't large enough. I have tried
manually setting the hash size but it only allows that option to be so
large. Is there something I am doing wrong or is there a better way to
achieve this? Any help with this would be much appreciated.
--
Mason Kaufer

Look at the 'list:set' feature. I have not tested this myself, but from the description it may act as a compound list.

https://ipset.netfilter.org/features.html


~Forza





[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux