Sometime you need to block really big numbers of IP addresses. It could be for different reasons. For example, in case of password bruteforce, DDoS attack. Of course, you can block them just in iptables. But there can be a problem. If set of IP addresses contain thousands of items iptables performance decreases (actually, performance…