Re: loading huge number of rules in iptables (blocklist)

Ron Johnson wrote:
On 03/21/07 10:52, H.S. wrote:
H.S. wrote:

Now, currently, there are around 151,000 ipranges listed in level1.gz
to block. So the above function's loop goes over these many times
inserting the rules for each range. And this is taking huge amount of
time: in over 50 minutes, only around 12% rules have been loaded on my
router running Etch (Pentium III, 449MHz, 380 MB RAM).

How can I speed this up? Advice?


Anyone ... ?

That's a whole lotta rules.  I'm not surprised that iptables doesn't
scale that well.

Yes. The experiment shows that this is not going well. I was wondering if there are any alternatives. I currently have around 80,000 rules now inserted, and the process is still continuing more than 17 hours later! However, my internet connection seems to be holding up without any noticeable performance cut so far.


Reply to: