On 12/18/2009 4:12 PM, Peter Serwe wrote:
You can't patch the Berkeley Packet Filter into Linux. The Linux kernel doesn't support it.
and...
Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux.
If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.
Or wrap it up using Shorewall or one of the other meta tools that manage the iptables chains for you.