Best guess on how iptables will perform with thousands of rules?
Anyone have experience with very large rulesets?
My current iptables ruleset forwards several hundred IP ranges to a different port.
But that ruleset is about to increase into the thousands and with time will grow into the tens of thousands.
I don't want to optimize prematurely, but I'm hesitant to add several thousand ranges without knowing what kind of impact it will have.
Does anyone have experience in this area, or can suggest some means of benchmarking the performance impact?
Sidenote: aside from the port forwarding for the aforementioned ranges, there are no other rules except for a handful of ACCEPTs.
* Running Debian 6 with a 2.6.39 kernel.