Anyone who is interested in iptables performance will find Harris, Melara, Smith and Nico's "Performance analysis of the Linux firewall in a host" (2002) and Kadlecsik and Pásztor's "Netfilter Performance Testing" (2005). But what actually is the effect of a large rule set on performance?
The attached PDF I created is not an an exhaustive study of Netfilter performance but shows you Jperf data and pictures (joy!) for plain rule sets, ipset (iphash) and the iptables...