search for: ipportiphash

...traffic (FORWARD chain) when the number of iptables rules that use ipprotiphash ipset matching exceeds 24 rules. This happens even when the ipsets themselves are empty or have just a few entries each. The following is a striped down example to demonstrate the potential issue: - create X number of ipportiphash ipsets: ipset -N UDP-x ipportiphash --network 129.129.0.0/22 where x is from 1 to X - add X number of iptables rules each of which matching on one of the above created ipsets: iptables -I FORWARD 1 -m set --match-set UDP-x src,src,dst -j ACCEPT; where x is from 1 to X When X is up to 24 (i.e. 24 i...