[Users] Hardware node - Iptables firewall with ipset

Martin Wheldon mwheldon at googlemail.com
Tue Mar 24 11:23:43 EDT 2009

My thoughts were to utilise it as a method of dealing with bogon
networks so there wouldn't be thousands of entries.
But there would be a significant number.

Guess I'll have to test it and find out...


2009/3/24 Dariush Pietrzak <ml-openvz-eyck at kuszelas.eu>:
>> Does this mean you are using it on production machines, just not
>  I'm using it on production machines, but am not using it extensively, so
> basically it was just sitting almost idle since ~1 year, I was planning on
> reconfiguring systems to start reaping ipset's benefits in few months, but
> since Sergey suggested there might be some hidden problems there, I would
> have to schedule more extensive tests.
>  If the problem Sergey pointed to is real ( if the memory ran out on that
> machine due to memory leak in ipset and not due to the fact that he was
> loading millions of rules into that machine ), I wouldn't have noticed it.
> --
> Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
>  Total Existance Failure
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users

More information about the Users mailing list