Hi All,
I'm using OpenWrt v18.06.1. Is there any configuration file or specification that gives the size limit of network ACL rules?
Thanks
Are you asking about firewall usage? Two options, fw3 or you can use raw iptables commands to construct the strategy you want.
Hi Sparks,
Thanks for your information.
Is there any method to get/set the size limit of firewall ACL rules via fw3 or raw iptables commands?
I want to know the maximum number of ACL rules that a user can add.
Thanks.
As far as I know, there is no hard limit; it depends on your hardware and how many rules you have before performance would start to fall off. How many rules do you think you'll need / what's your use case?
If you need more than a couple hundred rules, you're likely to be doing things "wrong"
ipsets also make things much simpler: you can test millions of IP addresses in one O(1) rule.
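The ipset suggestion above, worked through as an added example (this is not code from the thread or from the OpenWrt/fw3 project): a list of IPv4 networks is validated, de-duplicated and turned into an `ipset restore` stream, and a single iptables rule consults the whole set, so the rule count stays at one however long the list grows. It assumes BusyBox sh on OpenWrt with the `ipset` and `iptables` packages installed; the set name `blocklist`, the `maxelem` value and the sample addresses are constructed for the example. Note that the set itself does have an explicit, tunable limit (`maxelem`), which is the closest thing to a "maximum entries" knob the original question asks about.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenWrt project.
# Builds an ipset from a list of IPv4 networks and references it from one
# iptables rule. Assumes BusyBox sh with ipset and iptables installed; the
# set name, MAX_ELEM and the sample addresses are chosen for this example.

SET_NAME="blocklist"
MAX_ELEM=131072   # per-set entry limit enforced by ipset (hash types default to 65536)

# Constructed sample input: RFC 5737 documentation ranges, one duplicate
# entry and one malformed line.
SAMPLE_INPUT="192.0.2.0/24
198.51.100.7
198.51.100.7
not-an-address
203.0.113.0/25"

# Print ADDR/PREFIX for a valid IPv4 address or CIDR block; return 1 otherwise.
normalize_ipv4_net() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # bare address: treat as a /32
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -f                                     # no glob expansion while splitting
    set -- $addr
    set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s/%s\n' "$addr" "$prefix"
}

# Read candidate entries on stdin and emit an `ipset restore` stream:
# one create line, then one add line per valid, de-duplicated entry.
# hash:net lookups do not get slower as the set grows, unlike a chain of rules.
build_ipset_restore() {
    printf 'create %s hash:net family inet maxelem %s\n' "$SET_NAME" "$MAX_ELEM"
    entries=""
    while IFS= read -r line; do
        if net=$(normalize_ipv4_net "$line"); then
            entries="$entries$net
"
        fi
    done
    printf '%s' "$entries" | sort -u | while IFS= read -r net; do
        printf 'add %s %s\n' "$SET_NAME" "$net"
    done
}

# Count the add lines in a restore stream (used to check against MAX_ELEM).
count_add_lines() {
    grep -c '^add ' || true
}

# The one iptables rule that consults the whole set; the set can be reloaded
# at any time without touching the rule.
firewall_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
}

# Load the set from a file and add the rule once (idempotent via -C / -exist).
apply_blocklist() {
    list_file=$1
    command -v ipset >/dev/null 2>&1 || { echo "ipset not installed" >&2; return 1; }
    command -v iptables >/dev/null 2>&1 || { echo "iptables not installed" >&2; return 1; }
    n=$(build_ipset_restore < "$list_file" | count_add_lines)
    [ "$n" -le "$MAX_ELEM" ] || { echo "$n entries exceed maxelem $MAX_ELEM" >&2; return 1; }
    build_ipset_restore < "$list_file" | ipset restore -exist
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
        || iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Usage: sh blocklist.sh apply /path/to/list.txt
# With no arguments, only print what would be loaded for the sample input.
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    apply_blocklist "$2"
elif [ -z "${1:-}" ]; then
    printf '%s\n' "$SAMPLE_INPUT" | build_ipset_restore
    firewall_rule
fi
```

Run without arguments to see the restore stream for the sample list (three `add` lines: the duplicate and the malformed entry are dropped); run with `apply LISTFILE` on the router to load the set and insert the rule. Adding or removing addresses later is an `ipset restore -exist` of a new stream, with the iptables ruleset unchanged.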
Hi All,
Thank you for your kindly reply.
I'm using NXP LS1046A chip and based on OpenWrt 18.06.1.
How can I get the kernel memory size for ACL rules, or how can I find out the standard netfilter capabilities?
Thanks,
Have a quick read of the stackoverflow link that @vgaetera provided above. Per the top answer in that thread, the amount of memory needed per rule is dependent entirely on what the rule does.
But as per Jeff's comment too, if you have more than a few hundred rules, chances are it's not going to behave as you expected all the time (i.e. too complicated / unmaintainable).
I guess it might seem tedious, but it's so much easier for us to help when the OP provides the full picture.
Can you provide a bit more detail on what you’re trying to accomplish?