[Suggestion] Increase or remove the 10,000-line limit for IP lists #1271
Description
What would you like to be added or improved?
What would you like to be added or improved?
I am requesting to significantly increase or completely remove the hard-coded limit of 10,000 entries per IP list (IP sets).
Ideally, the system should:
Support much larger datasets (at least 100k–500k entries) to accommodate modern threat intelligence feeds.
Provide a more flexible way to handle large-scale blacklisting without degrading performance.
Why is it needed?
The current 10,000-line restriction creates several critical bottlenecks for production environments:
Incompatibility with Threat Feeds: Most professional security feeds (reputation lists, botnet IPs, known malicious actors) contain tens or hundreds of thousands of entries. The current limit makes it impossible to use these feeds effectively.
Manual Fragmentation ("Crutches"): To circumvent the limit, we are forced to develop custom scripts to split large lists into multiple smaller ones. This adds unnecessary complexity to the CI/CD pipeline and increases the chance of configuration errors.
Management Overhead: Managing 10 lists of 10k lines is significantly harder than managing one consolidated list of 100k lines. It clutters the UI and makes firewall rule logic harder to read and audit.
Modern Hardware Capabilities: Given modern memory and CPU capacities, a 10k limit feels like an outdated constraint that doesn't reflect the needs of high-traffic applications facing global-scale attacks.