[pve-devel] Creating of a 2nd blacklist with many blocked IPs

[Dmitry Petuhov]

27.10.2014 0:31, Cesar Peschiera пишет:
> I guess that your firewall not be functioning optimally if you add the
> 130.00 rules in ipset, due to that for each network packet the firewall must
> do 130.000 checks.
What? Did you mean plain list of single-address rules? Because IPSET [http://ipset.netfilter.org/ipset.man.html] is extremely fast at searching on large lists of addresses.