MOAB for the hEX and the HAP AC2 currently has 7692 ipset entries … the performance hit on the hEX is close to 13% while the HAP AC2 the performance hit is 8%.
For Your Information MOAB for the hEX and the HAP AC2 consists of the following 3 lists that are combined and any duplicates removed.
firehol_level1.netset’ 620,083,167 unique IPs [changes take place every minute]
firehol_webclient.netset 3,777 unique IPs
firehol_webserver.netset 34,672,171 unique IPs
You can go to http://iplists.firehol.org/ and check for yourself how many ip addresses are contained therein … nothing misleading whatsoever.
Currently the size of the MOAB RSC file for the hEX and the HAP AC2 is 329,503 bytes. MOAB changes 3 times each day 8 hours apart depending on adds/deletions that take place dynamically – so whatever changes takes place are caught at each 8 hour interval by my monitoring system
No hEX or HAP AC2 MOAB user has complained of ANY performance issue using MOAB over the past 18 months.
No MikroTik Router MOAB users have complained of ANY performance issue using MOAB over the past 18 months …
For MikroTik Routers like the RB3011, RB4011, RB1100, and all CCR models MOAB RSC file size is currently 2,029,080 bytes that includes the following lists scrubbed to remove duplicate entries:
firehol_level1.netset
firehol_level2.netset
firehol_level3.netset
firehol_webclient.netset
firehol_webserver.netset’
Key POINT to understand about an ipset: ipset is an extension to iptables that allows you to create firewall rules that match entire “sets” of addresses at once. Unlike normal iptables chains, which are stored and traversed linearly, IP sets are stored in indexed data structures, making lookups very efficient, even when dealing with large sets … works remarkable well under RouterOS starting with the hEX, HAP AC2 and all the Router models mentioned above..