On 03/24/2014 09:07 AM, Per Jessen wrote:
> Stefan Gofferje wrote:
>> The more interesting question is, where do I put the rules as intelligently as possible? I want to block the IPs for INPUT (to the fw host itself) as well as for FORWARD, but simply pushing the rules twice, once into each chain, appears a huge waste of mem to me (those are quite a couple of rules...).
>
> Do you need the memory for anything else? :-)

Well, those are REALLY many rules! We're talking about several hundred networks here! As the fw is running in a VM, I'd like to not waste mem. Besides, I'd also like to find the most elegant solution :).

-S

-- 
 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface
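
Added example, not part of the original message: one way to avoid loading the block list twice is to put every DROP rule into a single user-defined chain and jump to it from both INPUT and FORWARD, so each network costs one rule instead of two. The chain name `BLOCKLIST`, the function names and the sample networks (RFC 5737 documentation ranges) are assumptions made for this sketch; it only generates `iptables-restore` text and handles IPv4 entries.

```shell
#!/bin/sh
# Build an iptables-restore fragment with ONE shared chain of DROP rules
# that both INPUT and FORWARD jump to. Nothing is applied to the kernel here.

# Constructed sample block list (hypothetical; RFC 5737 documentation ranges).
sample_networks() {
    cat <<'EOF'
# constructed sample block list
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24   # trailing comment
not-a-network
EOF
}

# Reads one network per line on stdin; $1 is the chain name (assumed default).
gen_blocklist_rules() {
    chain="${1:-BLOCKLIST}"
    echo "*filter"
    echo ":${chain} - [0:0]"            # declare the shared chain
    echo "-A INPUT -j ${chain}"         # traffic to the firewall host itself
    echo "-A FORWARD -j ${chain}"       # traffic routed through the firewall
    while IFS= read -r net; do
        net="${net%%#*}"                               # strip comments
        net=$(printf '%s' "$net" | tr -d '[:space:]')  # strip whitespace
        if [ -z "$net" ]; then
            continue
        fi
        case "$net" in
            *[!0-9./]*)                 # anything but digits, dots, slash
                echo "skipping invalid entry: $net" >&2
                continue ;;
        esac
        echo "-A ${chain} -s ${net} -j DROP"
    done
    echo "COMMIT"
}

# Print the fragment for the sample list so it can be reviewed before loading.
sample_networks | gen_blocklist_rules BLOCKLIST
```

The two jump rules are appended with `-A`; in a real rule set they have to sit ahead of any ACCEPT rule that would otherwise match the blocked sources first.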