How expensive is it to process a head rule vs a regular rule?
I have a rather lengthy set of rules for a blacklist and have rule groups that break up a long list of CIDRs by their first octet. It's getting hairy trying to manage this growing list by hand, so I wrote a script to automatically break up a long list of CIDRs with varying mask sizes into a "balanced" tree of rule groups, where it partitions a list into two lists of roughly the same size, then recurses the algorithm on the sublists. One of the tweakable parameters I have is the threshold where I stop partitioning and just dump the list as a sequential set of rules, which depends on the relative cost of processing head rules vs regular pass/block rules.

Joseph Tam <[email protected]>
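One way to build such a balanced tree and count head tests against regular rule tests for a given threshold, as an added example that is not the poster's script. The sample CIDR list, the function names and the `head_cost`/`rule_cost` weights are assumptions made for illustration; the real cost ratio is exactly what the question asks about.

```python
import ipaddress

# Constructed sample blacklist (not from the post): /16s and /24s, mixed masks.
CIDRS = [f"{a}.{b}.0.0/16" for a in (10, 45, 100, 198) for b in range(0, 64, 8)]
CIDRS += ["192.0.2.0/24", "203.0.113.0/24"]
# collapse_addresses() sorts the list and merges overlapping/adjacent entries.
NETS = list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in CIDRS))

def cover(nets):
    """Smallest single CIDR containing every network in a sorted list."""
    net = nets[0]
    while nets[-1].broadcast_address not in net:
        net = net.supernet()
    return net

def build(nets, threshold):
    """Tree of ('leaf', [nets]) or ('node', [(head_cidr, subtree), ...])."""
    if len(nets) <= max(threshold, 1):
        return ("leaf", nets)          # small enough: plain sequential rules
    mid = len(nets) // 2               # two halves of roughly equal size
    return ("node", [(cover(h), build(h, threshold))
                     for h in (nets[:mid], nets[mid:])])

def evaluate(tree, addr):
    """Walk the tree as a packet would: (blocked, head_tests, rule_tests)."""
    kind, body = tree
    if kind == "leaf":
        for i, net in enumerate(body, 1):
            if addr in net:
                return True, 0, i
        return False, 0, len(body)
    heads = rules = 0
    for head, sub in body:
        heads += 1
        if addr in head:               # covers may overlap: keep going on a miss
            hit, h, r = evaluate(sub, addr)
            heads, rules = heads + h, rules + r
            if hit:
                return True, heads, rules
    return False, heads, rules

def cost(tree, addr, head_cost, rule_cost):
    """Weighted cost; the head/rule cost ratio is an assumed input."""
    _, heads, rules = evaluate(tree, addr)
    return heads * head_cost + rules * rule_cost

if __name__ == "__main__":
    probe = ipaddress.ip_address("203.0.113.5")
    for t in (1, 4, 8, len(NETS)):
        print(t, evaluate(build(NETS, t), probe))
```

Because each head is the smallest CIDR covering its half, the two heads at one level can overlap, so a packet may be tested in more than one group before it matches or falls through.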
