On 24/03/2020 18:26, Jerry Geis wrote:
> it looks like it does work - it just takes a REAL long time to load with
> "many" entries in the file.
> iptables was never slow. firewalld seems inefficient.
> I was able to add the line - restart the firewall, (wait) - see my packets
> dropped - remove the line -
> restart the firewall (wait) and able to ping again.
> I thought this "Direct.xml" file would be the fastest way for firewalld -
> but there is multi-minute wait to restart. I have about 14000 entries.

I would think ipset would be a more suitable tool for the task in hand
which can do the task instantly if you create and update a copy of your
set and then swap the sets.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
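
The copy-and-swap approach suggested in the reply, as an added example that is not part of the original thread. It assumes a set named `blocklist` that one existing firewall rule already matches on (`-m set --match-set blocklist src`); the set name, the sizes and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild an ipset blocklist in a scratch set, then swap it in.
# Set name, sizes and sample entries are assumptions made for illustration.

SET=blocklist            # live set referenced by the firewall rule (assumed name)
TMP="${SET}-new"         # scratch copy that is filled, then swapped in
OPTS="hash:net family inet hashsize 4096 maxelem 65536"

# Read one IPv4 address or CIDR per line on stdin and print an
# "ipset restore" script on stdout. Lines containing anything other than
# digits, dots and "/" are skipped, so a hostile or corrupted list cannot
# smuggle extra commands into the restore stream. ipset itself still
# validates each address when the script is applied.
gen_restore() {
    echo "create $SET $OPTS"
    echo "create $TMP $OPTS"
    echo "flush $TMP"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace
        case $line in
            ''|*[!0-9./]*) continue ;;
        esac
        echo "add $TMP $line"
    done
    echo "swap $TMP $SET"     # the live set changes contents in one step
    echo "destroy $TMP"       # scratch set now holds the old entries
}

# Apply a list file with a single ipset invocation (needs root).
# -exist makes "create" a no-op when the set is already present.
apply_list() {
    gen_restore < "$1" | ipset -exist restore
}

# Constructed sample input using documentation address ranges.
sample_list() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' \
        '198.51.100.7  # single host' 'bogus; destroy blocklist' '203.0.113.0/24'
}
```

Because the firewall rule refers to the set by name, updating the list this way needs no firewall restart: `apply_list /path/to/list` reloads all entries and the rule stays in place.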