[pve-devel] Creating of a 2nd blacklist with many blocked IPs

Cesar Peschiera brain at click.com.py
Mon Oct 27 15:40:02 CET 2014


Hi Dmitry

Many thanks for the clarification.

But why do I have the public IP addresses in IPv4 and IPv6 of all the countries 
of the world in only 3 MB, and you are complaining about lack of space by 
adding only 130.000 IP addresses?


----- Original Message ----- 
From: "Dmitry Petuhov" <mityapetuhov at gmail.com>
To: "Cesar Peschiera" <brain at click.com.py>; <pve-devel at pve.proxmox.com>
Sent: Monday, October 27, 2014 10:54 AM
Subject: Re: [pve-devel] Creating of a 2nd blacklist with many blocked IPs


> 27.10.2014 16:15, Cesar Peschiera wrote:
>> @Dmitry:
>> Excuse me please, I did not express myself properly. What I meant is that
>> with 130.000 IP addresses and 1 rule in iptables, this rule will check
>> 130.000 IP addresses, and in this case, I believe that this firewall will
>> be very slow, because for each network packet, iptables will check a lot
>> of IP addresses. It is for this reason that other developers created this
>> "Xtables-Addons" for iptables.
> You're wrong. This is not how ipset works. 10 or 10.000 addresses in a set, 
> it's almost the same match speed.
> BTW, ipset was one of xtables-addons long ago...
>
>
> 
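
The setup discussed in this thread (one hash-type ipset holding the whole blacklist, matched by a single iptables rule) can be sketched as follows. This is an added example, not part of the original messages or of Proxmox code; the set name `blacklist2`, the `maxelem` value and the sample addresses are assumptions. A `hash:ip` set defaults to at most 65536 entries, so a list of 130.000 addresses needs `maxelem` raised explicitly.

```shell
#!/bin/sh
# Added example, not from the thread. Set name and sample data are constructed;
# the addresses come from the documentation ranges.

# Emit an `ipset restore` script for the IPv4 addresses read on stdin.
# $1 = set name, $2 = maxelem (the hash:ip default is 65536 entries).
gen_restore() {
    set_name=$1
    maxelem=$2
    printf 'create %s hash:ip family inet maxelem %s\n' "$set_name" "$maxelem"
    # Strip comments and whitespace, keep only dotted-quad lines, de-duplicate.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        LC_ALL=C sort -u |
        while read -r ip; do
            printf 'add %s %s\n' "$set_name" "$ip"
        done
}

# Constructed sample blocklist with a duplicate, a junk line and a comment.
sample_list() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.7
192.0.2.10
not-an-ip

203.0.113.99   # trailing comment
EOF
}

# Loading it (as root) takes one restore and one rule, whatever the set size:
#   sample_list | gen_restore blacklist2 262144 | ipset restore
#   iptables -I INPUT -m set --match-set blacklist2 src -j DROP
```

Each packet then costs one hash lookup in the set rather than a walk over one rule per address.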



