27.10.2014 16:15, Cesar Peschiera пишет:
@Dmitry:
Excuse me please, I did not express properly, what I meant is that with
130.000 IP addresses and 1 rule in iptables, this rule will check
130.000 IP
address, and in this case, i believe that this firewall will be very slow
due to that for each network packet, iptables will check a lot of IP
address. It is for this reason that other developers created this
"Xtables-Addons" for iptables.
You're wrong. This is not how ipset works. 10 or 10.000 addresses in
set, it's almost same match speed.
BTW, ipset was one of xtables-addons long ago...
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
