Andi Kleen wrote:

>The main motivation is actually not to save the memory (that's just
>a useful side effect), but increase the max limit on 64bit systems.
>Fixing it fully will require fixing vmalloc of course, but it already
>help. Without it you can't get more than ~3800 rules
>on a 64bit system with NR_CPUS==128 and 128 byte cache lines.
>
Thanks Andi, I've added the patch to my 2.6.12 tree. I've also made the
same change in arp_tables, ip6_tables and ebtables for consistency.

Regards
Patrick