On Sun, Jan 26, 2014 at 1:14 AM, Daniel Black <daniel.subs@internode.on.net> wrote:
On 01/26/2014 05:13 PM, Steve Murphy wrote:
> (another thing. Generating lots of new iptables rules
> did affect the mtr results while they were being inserted!)

I'd be interested in a benchmark on the iptables-ipset actions.

OK, I went to an ubuntu system and installed everything ipset, reading the docs
now. I'll happily re-run my tests in this regime and come up with some stats
on how fast they are added on the same system as the iptables/xt_recent stuff
for good comparisons. After a few minutes looking at the man pages, it looks
very interesting.



Steve Murphy
ParseTree Corporation
57 Lane 17
Cody, WY 82414
✉  murf at parsetree dot com
☎ 307-899-5535