IPSET/NETSET support in HOST_OPEN_TCP #84
Comments
|
The NETSET feature using You would have to create the functionality via code in |
|
I understand that the current netset/ipset implementation in AIF is only used as blocklist. What I am basically looking for is a possibility to open a port to a defined (number of) IP range(s). From my experience adding large amount of IP ranges in the firewall will create a large amount of iptables rulesets, resulting in considerable (re)loading times. netset/ipset hashing seems like the way to go to handle these amounts of ip ranges. I am not enough an expert on the matter to know if this is possible at all or that ipset/netset was designed only to block ip ranges instead of also allowing them. |
Is it possible to use NETSET in combination with HOST_OPEN_TCP?
The use case is allowing for example certain mobile provider IP ranges to connect to a port instead of the whole internet.
This should be much faster with NETSET compared to regular IPTABLES rules?
The text was updated successfully, but these errors were encountered: