Dariush Pietrzak writes:
Are there any problems with running an iptables firewall using ipset
functionality on the hardware node?
 Haven't encountered any yet, but I'm not using it very heavily right now.

Did you look at nfqueue ?
 what is the relation?
nfqueue is a flexible userspace packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP address.
It is optimized for thousands of rules (IP ranges) and is quite fast.


Afaik ipset is not really stable, also it requires patching a
 why do you think it's not 'really stable', can you point me to some
recent/unsolved problems?

Some people reported bugs.
(Russian forum) http://www.opennet.ru/openforum/vsluhforumID1/79530.html


patching a kernel... This is a big reason not to use the ipset module.
very funny comment for someone using openvz ;),
Maybe. But I don't patch the kernel myself. Instead I use the kernel packages prebuilt by the Parallels team. I don't want to spend my time patching and maintaining a custom kernel on each of my servers.

_______________________________________________
Users mailing list
[email protected]
https://openvz.org/mailman/listinfo/users
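The thread contrasts nfqueue (userspace, thousands of IP-range rules) with ipset, which keeps the ranges in a kernel-side hash set that a single iptables rule consults. The script below is an added illustration of the ipset side and is not code from the thread or from the OpenVZ project: it generates an `ipset restore` script for a blocklist of IP ranges plus the one matching iptables rule, rejecting malformed entries instead of passing them to the kernel. The set name "blocklist" and the sample ranges (RFC 5737 documentation addresses) are constructed for this example; nothing here runs `ipset` or `iptables`, the administrator feeds the generated output to them on the node.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: build an `ipset restore`
# script for a hash:net blocklist and the single iptables rule that matches it.
# The set name and the sample ranges are constructed for illustration.
# Nothing here touches the kernel; on the node, root would run
#   sample_ranges | gen_ipset_restore | ipset restore
#   gen_iptables_rule | sh

SET_NAME="blocklist"

# Constructed sample input: one CIDR per line, '#' comments and blank lines
# allowed, plus one deliberately malformed entry to show it being rejected.
sample_ranges() {
    cat <<'EOF'
# scanners seen in the logs (constructed sample, RFC 5737 ranges)
203.0.113.0/24
198.51.100.42/32

192.0.2.0/25
not-an-address
EOF
}

# Emit an `ipset restore` script: one create line, then one add line per valid
# CIDR. hash:net stores whole ranges, so thousands of entries cost one set
# lookup per packet instead of one iptables rule per range.
gen_ipset_restore() {
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536\n' "$SET_NAME"
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        # accept a.b.c.d or a.b.c.d/len (len 0..32); anything else is logged and dropped
        if printf '%s\n' "$line" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            printf 'add %s %s\n' "$SET_NAME" "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done
}

# The one iptables rule that consults the set. Entries can be added to or
# removed from the set at any time without touching this rule.
gen_iptables_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
}

# Count the add lines of a restore script read from stdin (sanity check
# after generation: should equal the number of valid ranges).
count_add_lines() {
    grep -c '^add '
}

# Stand-alone run: print the restore script, then the rule.
sample_ranges | gen_ipset_restore
gen_iptables_rule
```

The restore format (`create NAME TYPE ...` followed by `add NAME ENTRY` lines) is what `ipset save` itself prints, so the generated file can be diffed against a later `ipset save blocklist` to confirm the running set matches the intended list.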
