The number of rules that you add to the firewall will affect server performance, of course, because each packet that arrives at your server will be compared by the Linux kernel with every firewall rule. But there are some performance tips for that process.
There is no theoretical limit to putting 5000 rules on Linux, but filtering by another criterion such as subnets, as servertechs mentioned, is more efficient.
- Firewall by subnets.
- Sort firewall rules according to matching chance, with the most-matched rules before the others.
- Compile the kernel with iptables built in, not as a module.
- Erase logging rules (not recommended if you need auditing, but it improves performance).
Firewalls search through the list sequentially for a matching rule before permitting or denying.
If you have this
You see the packet from 22.214.171.124 has had to go through 3 rules before being permitted. Unless the 5000 can be grouped into a small number of subnets, I would be very careful implementing that. This is a simplified example, but you see the point.
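The two answers above make two claims worth measuring: that collapsing per-host rules into subnet rules shrinks the chain, and that a packet is compared against rules one by one until it matches (so rule order decides how many comparisons it costs). The script below is an added example, not code from either poster; it builds a constructed list of allowed hosts and a constructed traffic sample (RFC 5737 documentation addresses), collapses the hosts into the minimal covering subnets with Python's standard `ipaddress` module, reorders those subnets by how often the sample traffic hits them, and counts the comparisons a first-match walk needs in each layout. The `INPUT` chain and port 22 in the rendered `iptables` commands are assumed values for the example.

```python
"""Added example (not from the original thread): collapse per-host ACCEPT rules
into subnet rules, order them by observed hit frequency, and count how many
rule comparisons a packet costs under a first-match walk.

The host list and traffic sample are constructed for this demonstration
(RFC 5737 documentation ranges); they are not data from the original page."""
import ipaddress
from collections import Counter

# Constructed sample: 273 allowed hosts, of which 256 fill 192.0.2.0/24,
# 16 fill 203.0.113.0/28, and one is an isolated host.
ALLOWED_HOSTS = (
    [f"192.0.2.{i}" for i in range(256)]
    + [f"203.0.113.{i}" for i in range(16)]
    + ["198.51.100.7"]
)

# Constructed traffic sample (source addresses): most packets come from the
# /28, a few from the /24, two from the lone host, and three from an
# address that no rule allows (it must be compared against the whole chain).
TRAFFIC = (
    ["203.0.113.5"] * 50
    + ["192.0.2.9"] * 10
    + ["198.51.100.7"] * 2
    + ["10.0.0.1"] * 3
)


def host_rules(hosts):
    """One /32 rule per host, in list order: the naive one-rule-per-IP layout."""
    return [ipaddress.ip_network(f"{h}/32") for h in hosts]


def subnet_rules(hosts):
    """Collapse adjacent /32s into the smallest covering set of networks
    (the 'firewall by subnets' tip). The result is sorted by network address."""
    return list(ipaddress.collapse_addresses(host_rules(hosts)))


def comparisons(rules, src):
    """Rules checked for one packet under first-match semantics. A packet that
    matches nothing is compared against every rule in the chain."""
    addr = ipaddress.ip_address(src)
    for n, rule in enumerate(rules, start=1):
        if addr in rule:
            return n
    return len(rules)


def total_comparisons(rules, traffic):
    """Comparisons the whole traffic sample costs against a given rule order."""
    return sum(comparisons(rules, src) for src in traffic)


def order_by_hits(rules, traffic):
    """Reorder rules so the most frequently matched ones come first (the
    'sort by matching chance' tip), using a traffic sample as the estimate."""
    hits = Counter()
    for src in traffic:
        addr = ipaddress.ip_address(src)
        for rule in rules:
            if addr in rule:
                hits[rule] += 1
                break
    # sorted() is stable, so rules with equal hit counts keep their order
    return sorted(rules, key=lambda r: hits[r], reverse=True)


def render_iptables(rules, chain="INPUT", dport=22):
    """Emit iptables commands for the ordered rule list. Chain and port are
    assumed values for the example, not taken from the original page."""
    return [
        f"iptables -A {chain} -p tcp --dport {dport} -s {rule} -j ACCEPT"
        for rule in rules
    ]


if __name__ == "__main__":
    naive = host_rules(ALLOWED_HOSTS)
    collapsed = subnet_rules(ALLOWED_HOSTS)
    ordered = order_by_hits(collapsed, TRAFFIC)
    layouts = (
        ("per-host", naive),
        ("subnets", collapsed),
        ("subnets, hit-ordered", ordered),
    )
    for label, rules in layouts:
        print(f"{label:22} {len(rules):4} rules, "
              f"{total_comparisons(rules, TRAFFIC):6} comparisons for the sample")
    print("\n".join(render_iptables(ordered)))
```

With the constructed data, the 273 per-host rules collapse to 3 subnet rules, and a packet from 203.0.113.5 goes from 262 comparisons down to 3, and to 1 once the busiest subnet is moved to the top. On a real box the hit estimate should come from the per-rule packet counters that `iptables -vnL` prints rather than from a constructed sample, and remember that reordering is only safe among rules with the same target; moving an ACCEPT above a DROP that used to precede it changes policy, not just performance.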