Lochnair / xt_tls

Filter TLS traffic with IPtables
GNU General Public License v3.0

Add capability to match a set containing multiple hostnames with a single rule #30

Closed mpolk closed 5 years ago

mpolk commented 5 years ago

Matching each packet with many hostnames using a separate rule for each hostname is very inefficient.

I propose to use a mechanism similar to ipsets - the hostsets. A "hostset" is like an ipset (tree-based), but contains host names rather than IP addresses. The content of the hostset can be manipulated using the /proc filesystem.

Lochnair commented 5 years ago

Merged in https://github.com/Lochnair/xt_tls/commit/99a11843cdff137c83bad41dfffb36083c9c9377. Thanks!