Andrei POPESCU wrote:
> On Lu, 13 iul 20, 18:41:39, Ross Boylan wrote:
> >
> > The interface has a pre-up script that has over 1,000 iptables add lines
> > for blacklists, and I suspect this is slowing things down enough to cause
> > trouble. I was not having problems when the script was shorter.
>
> P.S. as far as I understand nftables should handle these much better
> than iptables. May or may not help with your actual problem.

iptables is currently a frontend to nftables. The way to handle a giant
blocklist efficiently is ipset, which manipulates large groups of IPs that
will be matched for a particular rule.

-dsr-
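
Added example, not part of the thread or of either poster's script: one way the ipset approach from the reply above can replace a long run of per-address iptables lines with a single set load and one rule. The set name `blocklist`, the INPUT chain and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
SET=blocklist   # assumed set name

# Constructed sample input: one IPv4 address or CIDR per line.
sample_blocklist() {
    cat <<'EOF'
192.0.2.10
198.51.100.0/24   # whole range
192.0.2.10
203.0.113.7
203.0.113.999
EOF
}

# Turn a blocklist on stdin into an `ipset restore` script on stdout.
# Comments and blank lines are skipped, malformed entries are reported on
# stderr, duplicates are dropped. Entries go into a temporary set that is
# swapped in, so the live set is never half-loaded.
gen_restore() {
    printf 'create %s hash:net family inet\n' "$SET"
    printf 'create %s-tmp hash:net family inet\n' "$SET"
    printf 'flush %s-tmp\n' "$SET"
    awk -v set="$SET-tmp" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, p, "/"); ok = (n <= 2)
            # hash:net cannot store a zero-length prefix
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) ok = 0
            if (split(p[1], o, ".") != 4) ok = 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { print "skipping: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "add " set " " $0
        }'
    printf 'swap %s-tmp %s\n' "$SET" "$SET"
    printf 'destroy %s-tmp\n' "$SET"
}

# Needs root; not called here. Usage: apply_blocklist < /path/to/list
apply_blocklist() {
    gen_restore | ipset -exist restore || return 1
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET" src -j DROP
}

# Stand-alone run: show the restore script for the sample input.
sample_blocklist | gen_restore
```

Re-running `apply_blocklist` with an updated list refreshes the set without touching the rule, so the pre-up script stays the same length however large the list grows.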