By this I mean something such as IPSet at “http://ipset.netfilter.org/”. Lets say you have multiple abusive ips, you can create a ip setlist of the ips, and apply to a classifier rather than having to create a separate classifier per ip.
Lets say you have 30 ips abusing ftp, causing floods. Normally you’d need to create a separate classifier rule for each individual ip, causing a vary large list, each having the same L7 classifier for FTP, but you’d need 30 different classifier rules.
With ipset you can create an ipset named “FTP Abusers”, then add all 30 ips to it, and then you can create 1 classifier, and point it to that ipset list, eliminating 29 other classifiers!