Re: loading huge number of rules in iptables (blocklist)
On 2007-03-21, David Brown <david.brown@hesbynett.removethisbit.no> wrote:
>
> If you have large numbers of ip addresses, and want to apply the same
> rules to those addresses or ranges, then ipsets may be a better method.
> I haven't tried it myself as yet, but in my research for planning a
> new firewall and router, they looked like a much more efficient way to
> do exactly this sort of thing. You can also add or remove addresses to
> an ipset without changing your iptables rules - very useful if the
> iptables are generated by a script such as shorewall (it was via the
> shorewall website that I first read about ipsets).
Thanks for the suggestions. I have had this one from at least two other
sources. It appears to hold some promise. The other suggestion I have had
is to look into using nf-hipac.
regards,
->HS
--
(Remove all caps, if any, from my email address to get the correct one.
Apologies for the inconvenience but this is to reduce spam.)
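
An added example, not part of the original thread: one way to load a large blocklist through ipset so that the iptables ruleset stays a single, unchanged rule, as described in the quoted suggestion. It uses current ipset syntax (`hash:net`); the set name `blocklist`, the helper names and the sample entries (documentation address ranges) are assumptions made for illustration.

```shell
# Added example: convert a blocklist into input for `ipset restore`.
# SET_NAME and all function names are assumptions, not from the thread.
SET_NAME="blocklist"

# Accept dotted-quad IPv4, optionally with a /1../32 prefix. A /0 is rejected
# so that a bad list entry cannot make the set match every source address.
valid_entry() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one address or CIDR range per line on stdin, write restore commands.
# Entries are loaded into a temporary set that is then swapped in atomically,
# so the iptables rule that references $SET_NAME is never touched.
gen_ipset_restore() {
    tmp="${SET_NAME}-new"
    echo "create ${SET_NAME} hash:net family inet"
    echo "create ${tmp} hash:net family inet"
    echo "flush ${tmp}"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' |
    while IFS= read -r entry || [ -n "$entry" ]; do
        if valid_entry "$entry"; then
            echo "add ${tmp} ${entry}"
        else
            echo "skipped invalid entry: ${entry}" >&2
        fi
    done
    echo "swap ${tmp} ${SET_NAME}"
    echo "destroy ${tmp}"
}

# Constructed sample input (documentation ranges plus two bad entries).
sample_blocklist() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' \
        '198.51.100.7   # single host' '256.1.1.1' '0.0.0.0/0' '203.0.113.0/24'
}

# Load (as root):  sample_blocklist | gen_ipset_restore | ipset -exist restore
# One-time rule:   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

The `-exist` option lets the same script be re-run for every list update: the existing sets are reused and duplicate entries in the list are ignored.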