On 12/18/2009 4:12 PM, Peter Serwe wrote:
> You can't patch the Berkeley Packet Filter into Linux. Linux kernel
> doesn't support it.
>
> and...
>
> Despite a cacophonous chorus of replies directing you to the right tool
> for the job, you insist on sticking with Linux.
>
> If you want to use the wrong tool for the job, by all means, use
> ipset/iptables - have a great time with it. When it doesn't
> give you the performance you want, then you will probably go buy
> something else.
>

Or wrap it up using Shorewall or one of the other meta tools that manage the iptable chains for you.