Hello,

I wanted to ask if there is anyone who has tried to block, let's say, 100,000, 500,000 or 10,000,000 IP entries in iptables?

How slow is it, and which issues will one face?

I assume one thing is RAM usage; I am unsure how to calculate/estimate it.
But a bigger issue might be the increased time for the server to respond to connections, or for iptables itself to start after a server reboot? Has anyone measured this, please?

------------

Here are some interesting images:


Does it mean that 50,000 rules = around 15ms delay? If so, 350,000 rules would be 0,1 second delay.


There it seems to be similar, around 10ms per like 50K rules in case of iptables, ipsets are much faster.
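
The post contrasts one iptables rule per address with ipsets. As an added example (not part of the original post), this script turns a plain address list into an `ipset restore` file, so the whole list sits in one hash set matched by a single iptables rule. The set name `blocklist`, the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# gen_ipset_restore SETNAME
# Reads IPv4 addresses (one per line, "#" comments allowed) on stdin and
# writes `ipset restore` commands on stdout. Blank lines, malformed
# addresses and duplicates are dropped so the restore does not abort.
gen_ipset_restore() {
    awk -v name="$1" '
        function valid(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 != "" && valid($0) && !seen[$0]++ { ips[++count] = $0 }
        END {
            # hash:ip sets default to maxelem 65536; a bigger list needs
            # the limit raised at create time or the extra adds fail.
            maxelem = 65536
            while (maxelem < count) maxelem *= 2
            printf "create %s hash:ip family inet maxelem %d\n", name, maxelem
            for (i = 1; i <= count; i++) printf "add %s %s\n", name, ips[i]
        }'
}

# apply_blocklist RESTORE_FILE SETNAME   (needs root; not called here)
# Loads the set in one batch, then makes sure exactly ONE rule references
# it, instead of one rule per address.
apply_blocklist() {
    ipset -exist restore < "$1" || return 1
    iptables -C INPUT -m set --match-set "$2" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$2" src -j DROP
}

# Constructed sample input (documentation address ranges).
sample_list() {
    printf '%s\n' '198.51.100.7' '203.0.113.9 # scanner' \
        '198.51.100.7' '999.1.1.1' 'not-an-ip' ''
}

sample_list | gen_ipset_restore blocklist
```

On a real host, write the output to a file and pass it to `apply_blocklist`; the kernel then does one hash lookup per packet regardless of how many addresses the set holds.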