Hello! Yesterday I worked hard and optimized iptables with the mangle table, ipset and iproute.
We want to mark addresses (located in an ipset) which should be routed to another host, and send other packets via another gateway.
These rules let us spend minimal resources to serve only online clients (dynamically walked in the NAT server, not statically created in iproute2 – how it worked before).
Let's start.
Hello! Now I want to explain how to integrate ipset into an iptables rule.
In this way, if you have one hundred or more identical rules, your CPU will be overloaded (each packet will be checked against each rule).