I tried dumping the firewall rules and found 3.4M of rules.
On closer inspection, it is because we enabled UDP port forwarding for a WebRTC video conf app we are developing.
```yaml
ports:
- description: ""
  protocol: udp
  listen_port: 443,3000-60000
  target_port: ""
  target_address: 10.xx.xxx.xx
```
It has over 50000 lines of
```
-A POSTROUTING -s 10.xx.xx.xx/32 -d 10.xx.xx.xx/32 -p udp -m udp --dport 4000 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
.....
-A POSTROUTING -s 10.xx.xx.xx/32 -d 10.xx.xx.xx/32 -p udp -m udp --dport 60000 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
```
Why not `--match multiport --dports 4000:60000`?
Why spam iptables like that? i
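As an added example (not part of the original post or of LXD), here is a read-only audit script that parses `iptables-save` style output, groups rules that differ only in `--dport`, and reports how the per-port MASQUERADE rules collapse into `--dport lo:hi` ranges. The sample rules are constructed; the 10.0.0.x addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in iptables-save format (not from the original post):
# four udp rules that differ only in --dport, plus one unrelated tcp rule.
SAMPLE_RULES = """\
-A POSTROUTING -s 10.0.0.2/32 -d 10.0.0.2/32 -p udp -m udp --dport 4000 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
-A POSTROUTING -s 10.0.0.2/32 -d 10.0.0.2/32 -p udp -m udp --dport 4001 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
-A POSTROUTING -s 10.0.0.2/32 -d 10.0.0.2/32 -p udp -m udp --dport 4002 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
-A POSTROUTING -s 10.0.0.2/32 -d 10.0.0.2/32 -p udp -m udp --dport 5000 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
-A POSTROUTING -s 10.0.0.3/32 -d 10.0.0.3/32 -p tcp -m tcp --dport 443 -m comment --comment "generated for LXD network-forward lxdbr1" -j MASQUERADE
"""

DPORT_RE = re.compile(r"--dport (\d+)")


def group_by_template(rules):
    """Map each rule (with --dport replaced by a placeholder) to its sorted ports."""
    groups = defaultdict(set)
    for line in rules.splitlines():
        m = DPORT_RE.search(line)
        if not m:
            continue  # rules without a single --dport are left alone
        template = line[:m.start()] + "--dport {PORT}" + line[m.end():]
        groups[template].add(int(m.group(1)))
    return {t: sorted(p) for t, p in groups.items()}


def to_ranges(ports):
    """Collapse a sorted port list into (lo, hi) runs of consecutive ports."""
    ranges = []
    for p in ports:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges


def collapse_rules(rules):
    """Return (original rule count, equivalent rules using --dport lo:hi ranges)."""
    collapsed, total = [], 0
    for template, ports in group_by_template(rules).items():
        total += len(ports)
        for lo, hi in to_ranges(ports):
            spec = str(lo) if lo == hi else f"{lo}:{hi}"
            collapsed.append(template.replace("{PORT}", spec))
    return total, collapsed
```

The script only reports what the rule set would look like; it does not modify the firewall, and `--dport lo:hi` is the `-m udp` range syntax, which avoids the 15-entry limit of `-m multiport`.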