tomsk

Asked: 2018-09-08 00:44:12 +0800 CST2018-09-08 00:44:12 +0800 CST 2018-09-08 00:44:12 +0800 CST

GeoIP vs IPset performance in iptables

I would like to ask you what is faster in term of performance GeoIP or IPset.

Let me explain, imagine that I have rule:

iptables -A INPUT -m geoip ! --src-cc US,UK,CA -j DROP

And imagine that I have IPset of hash:net and I put all these IPs (from US, UK and CA) into hash:net country_whitelist set.

iptables -A INPUT -m set --match-set country_whitelist src -j ACCEPT

What is faster? GeoIP or IPset? We know that IPset is fast because it uses hash table (for hashes), but I don't know how does GeoIP work, if it isn't like 1 subnet for 1 rule.

GeoIP vs IPset performance in iptables

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

GeoIP vs IPset performance in iptables

0 Answers