firewalld with HUGE list of ip to drop
ubuntu-users-list at thomas.freit.ag
Mon Apr 15 15:57:03 UTC 2024
Hi Jerry,
On 13.04.24 23:10, Jerry Geis wrote:
> Thanks all for the suggestions - I did get ipset to work.
> firewalld took 20 minutes to load all the rules and impacted network
> performance.
> ipset loads all the same rules in 1 min 20 seconds - network performance is
> not impacted.
Good to hear that.
> I did see "hints" that ipset may be going away - is there any truth to that?
> I could not find anything definite.
I did not come across this in Ubuntu (or Debian); however, ipset/iptables is a rather old technique
with successors already in place. Some distros have started deprecation already. If you keep firewalld,
this should not be a big issue, because it is capable of different backends: instead of iptables you can
easily use nftables (maybe you use it already). The most modern stack is eBPF (which was described in the
benchmark in the link I provided earlier).
Regards,
Thomas
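
An added example (not part of the original thread or written by either poster): Python that validates and collapses a large drop list, then emits it both as `ipset restore` input, the approach Jerry reports working, and as an nftables set, the successor Thomas mentions. The set name, table name and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample blocklist (documentation ranges), not data from the thread.
SAMPLE = """\
# one entry per line, comments allowed
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
203.0.113.7/32
not-an-ip
2001:db8::/32
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)      # malformed entry: report, do not load
            continue
        if net.version != 4:
            rejected.append(line)      # this example builds an IPv4-only set
            continue
        nets.append(net)
    # Merging adjacent/overlapping entries shrinks the set before loading.
    return list(ipaddress.collapse_addresses(nets)), rejected

def to_ipset_restore(nets, name="blocklist"):
    """Text for `ipset restore`: one create line, then one add per network."""
    maxelem = max(65536, len(nets))    # 65536 is ipset's default capacity
    lines = [f"create {name} hash:net family inet maxelem {maxelem}"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines) + "\n"

def to_nft_set(nets, name="blocklist", table="blocklist_example"):
    """Text for `nft -f`: an interval set plus one drop rule that uses it."""
    if not nets:
        raise ValueError("empty blocklist")  # nft rejects an empty elements list
    elems = ",\n".join(f"      {n}" for n in nets)
    return (f"table inet {table} {{\n  set {name} {{\n"
            f"    type ipv4_addr\n    flags interval\n"
            f"    elements = {{\n{elems}\n    }}\n  }}\n  chain input {{\n"
            f"    type filter hook input priority 0; policy accept;\n"
            f"    ip saddr @{name} drop\n  }}\n}}\n")
```

Either output is loaded in a single transaction (`ipset restore < file` or `nft -f file`) instead of one firewall rule per address. With ipset, a separate iptables rule matching the set is still needed to drop the traffic.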