On Thu, 11 Apr 2024, Le Chevalier wrote: > On 2024-04-11 14:39, Mason Kaufer wrote: > > I am currently trying to set up a firewall on an Ubuntu 22.04 machine > > that will block a list of 2 million plus ip addresses without slowing > > the network speed down tremendously. I have tried using ipset but I > > get an error that the hash size isn't large enough. I have tried > > manually setting the hash size but it only allows that option to be so > > large. Is there something I am doing wrong or is there a better way to > > achieve this? Any help with this would be much appreciated. There's no upper limit in the hash size (except that the number must fit into u32). On my laptop: # ipset n test hash:ip hashsize 10000000 maxelem 10000000 # ipset l Name: test Type: hash:ip Revision: 5 Header: family inet hashsize 16777216 maxelem 10000000 bucketsize 12 initval 0xc61d4797 Size in memory: 393392 References: 0 Number of entries: 0 Members: Please note, you must tune both hashsize and maxelem parameters in order to be able to store the given number of entries. Best regards, Jozsef -- E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
