diff --git a/Makefile b/Makefile
index 0c34b4a5..1012eacc 100644
--- a/Makefile
+++ b/Makefile
@@ -17,9 +17,9 @@ LD_OPTS_VARS=\
 	-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG)
 
 ifdef BUILD_STATIC
-	export LD_OPTS=-ldflags "-a -v -s -w -extldflags '-static' $(LD_OPTS_VARS)" -tags netgo
+	export LD_OPTS=-ldflags "-a -s -w -extldflags '-static' $(LD_OPTS_VARS)" -tags netgo
 else
-	export LD_OPTS=-ldflags "-a -v -s -w $(LD_OPTS_VARS)"
+	export LD_OPTS=-ldflags "-a -s -w $(LD_OPTS_VARS)"
 endif
 
 PREFIX?="/"
diff --git a/config.go b/config.go
index 3555858c..48c65dd6 100644
--- a/config.go
+++ b/config.go
@@ -52,6 +52,7 @@ type bouncerConfig struct {
 	BlacklistsIpv4 string `yaml:"blacklists_ipv4"`
 	BlacklistsIpv6 string `yaml:"blacklists_ipv6"`
 	SetType string `yaml:"ipset_type"`
+	SetSize int `yaml:"ipset_size"`
 
 	// specific to iptables, following https://github.com/crowdsecurity/cs-firewall-bouncer/issues/19
 	IptablesChains []string `yaml:"iptables_chains"`
@@ -121,6 +122,10 @@ func newConfig(reader io.Reader) (*bouncerConfig, error) {
 		config.SetType = "nethash"
 	}
 
+	if config.SetSize == 0 {
+		config.SetSize = 65536
+	}
+
 	switch config.Mode {
 	case NftablesMode:
 		err := nftablesConfig(config)
diff --git a/iptables.go b/iptables.go
index a3f95380..e8dfa295 100644
--- a/iptables.go
+++ b/iptables.go
@@ -34,6 +34,7 @@ func newIPTables(config *bouncerConfig) (backend, error) {
 		version: "v4",
 		SetName: config.BlacklistsIpv4,
 		SetType: config.SetType,
+		SetSize: config.SetSize,
 		StartupCmds: [][]string{},
 		ShutdownCmds: [][]string{},
 		CheckIptableCmds: [][]string{},
@@ -44,6 +45,7 @@ func newIPTables(config *bouncerConfig) (backend, error) {
 		version: "v6",
 		SetName: config.BlacklistsIpv6,
 		SetType: config.SetType,
+		SetSize: config.SetSize,
 		StartupCmds: [][]string{},
 		ShutdownCmds: [][]string{},
 		CheckIptableCmds: [][]string{},
diff --git a/iptables_context.go b/iptables_context.go
index 297b0859..d6d3729c 100644
--- a/iptables_context.go
+++ b/iptables_context.go
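Review bot: The default added to newConfig only covers a missing `ipset_size`; a negative value in the YAML is kept as-is and later handed to `ipset create ... maxelem` in iptables_context.go, so the failure surfaces as an ipset error at startup instead of a config-parsing error. A guard next to the default, `if config.SetSize < 0 { return nil, fmt.Errorf("ipset_size must be positive, got %d", config.SetSize) }`, keeps the rejection in the parsing layer (fmt is presumably already imported in config.go; confirm). The new struct field in the first config.go hunk also says nothing about what the number means or where 65536 comes from; a comment such as `// SetSize is passed as maxelem to ipset create; 0 selects the 65536 default.` would spare the next reader a trip through iptables_context.go. newConfig starts and ends outside the hunk.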
@@ -20,6 +20,7 @@ type ipTablesContext struct {
 	iptablesBin string
 	SetName string // crowdsec-netfilter
 	SetType string
+	SetSize int
 	StartupCmds [][]string // -I INPUT -m set --match-set myset src -j DROP
 	ShutdownCmds [][]string // -D INPUT -m set --match-set myset src -j DROP
 	CheckIptableCmds [][]string
@@ -40,9 +41,11 @@ func (ctx *ipTablesContext) CheckAndCreate() error {
 		return fmt.Errorf("set %s doesn't exist: %w", ctx.SetName, err)
 	}
 	if ctx.version == "v6" {
-		cmd = exec.Command(ctx.ipsetBin, "-exist", "create", ctx.SetName, ctx.SetType, "timeout", "300", "family", "inet6")
+		cmd = exec.Command(ctx.ipsetBin, "-exist", "create", ctx.SetName, ctx.SetType, "timeout", "300", "family",
+			"inet6", "maxelem", fmt.Sprintf("%d", ctx.SetSize))
 	} else {
-		cmd = exec.Command(ctx.ipsetBin, "-exist", "create", ctx.SetName, ctx.SetType, "timeout", "300")
+		cmd = exec.Command(ctx.ipsetBin, "-exist", "create", ctx.SetName, ctx.SetType, "timeout", "300",
+			"maxelem", fmt.Sprintf("%d", ctx.SetSize))
 	}
 	log.Infof("ipset set-up : %s", cmd.String())
 	if out, err := cmd.CombinedOutput(); err != nil {
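Review bot: `maxelem` is now appended to every `ipset create` in CheckAndCreate regardless of `ctx.SetType`, but if I read the ipset manual right it is an option of the hash set types only, so a deployment that configures a non-hash `ipset_type` (a bitmap or list type) would see the create call fail after this change where it previously succeeded; either append the option only for hash types or state in the `ipset_type` documentation that only hash sets are supported. Separately, the two branches now duplicate a long argument list that differs only in `family inet6`; building the argument slice once and appending the family reads cleaner, and `strconv.Itoa(ctx.SetSize)` avoids the `fmt.Sprintf("%d", ...)` round trip (needs `strconv` imported). CheckAndCreate starts and ends outside the hunk.
```go
	// … unchanged: set existence check …
	args := []string{"-exist", "create", ctx.SetName, ctx.SetType, "timeout", "300"}
	if ctx.version == "v6" {
		args = append(args, "family", "inet6")
	}
	args = append(args, "maxelem", strconv.Itoa(ctx.SetSize))
	cmd = exec.Command(ctx.ipsetBin, args...)
	log.Infof("ipset set-up : %s", cmd.String())
	// … unchanged: CombinedOutput and error handling …
```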