From owner-freebsd-questions@FreeBSD.ORG Sat Aug 25 23:49:55 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 50C1316A417 for ; Sat, 25 Aug 2007 23:49:55 +0000 (UTC) (envelope-from amin.scg@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178]) by mx1.freebsd.org (Postfix) with ESMTP id 1A95713C468 for ; Sat, 25 Aug 2007 23:49:55 +0000 (UTC) (envelope-from amin.scg@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so1507600waf for ; Sat, 25 Aug 2007 16:49:54 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:reply-to:from:to:cc:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:in-reply-to:thread-index:x-mimeole:message-id; b=puFxvyOVAqG87D80YEJ5NDnUnAqgE6FzpupmCBAnnyNwCyOG3mr+2Lut4Xs6LjMrbt9pVxoPrqPGG6IUp1nDgClvWi5JOE+zrjw59kBqYcF6gUsp9XXVirVM8rkvCes554fPADdbNlXn2uF0FcOWOeIgCCSl58yOlX9ElS9XepU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:reply-to:from:to:cc:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:in-reply-to:thread-index:x-mimeole:message-id; b=eLRYyI4yCNlmw8cm3qJFr28LFsg/i55Jd6j+hpr0q/1PQBeUXacacAlj5iHofvTfJPsInEU5DMiY5m6DywwxXU18kXn3jRXfOUbPCbIEkiQb76E31QGDqB40f7Nrq9JrLErm0QzG0ZHb9Piq0Olc52i1V2mc+Tk9zPHMukQdMs4= Received: by 10.115.89.1 with SMTP id r1mr4971841wal.1188085794257; Sat, 25 Aug 2007 16:49:54 -0700 (PDT) Received: from dtraaa ( [203.121.47.4]) by mx.google.com with ESMTPS id n30sm4981230wag.2007.08.25.16.49.47 (version=SSLv3 cipher=RC4-MD5); Sat, 25 Aug 2007 16:49:52 -0700 (PDT) From: "Aminuddin" To: "'Dan Nelson'" Date: Sun, 26 Aug 2007 07:49:40 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <20070825211352.GB25055@dan.emsphone.com> Thread-Index: AcfnXN6Kgfu5JWufQwCCyVn1CUctxAAFQbhw X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Message-ID: <46d0c020.1ed7720a.6721.1aee@mx.google.com> Cc: freebsd-questions@freebsd.org Subject: RE: How to block 200K ip addresses? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: amin.scg@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Aug 2007 23:49:55 -0000 I intend to create a ruleset file consisting of this statement: Ruleset------------------------ add 2300 skipto 2301 ip from 0.0.0.0/6 to any add 2400 skipto 2401 ip from any to 0.0.0.0/6 add 2300 skipto 2302 ip from 4.0.0.0/6 to any add 2400 skipto 2402 ip from any to 4.0.0.0/6 add 2300 skipto 2303 ip from 8.0.0.0/6 to any add 2400 skipto 2403 ip from any to 8.0.0.0/6 add 2300 skipto 2304 ip from 12.0.0.0/6 to any add 2400 skipto 2404 ip from any to 12.0.0.0/6 add 2300 skipto 2305 ip from 16.0.0.0/6 to any add 2400 skipto 2405 ip from any to 16.0.0.0/6 add 2300 skipto 2306 ip from 20.0.0.0/6 to any add 2400 skipto 2406 ip from any to 20.0.0.0/6 add 2300 skipto 2307 ip from 24.0.0.0/6 to any add 2400 skipto 2407 ip from any to 24.0.0.0/6 add 2300 skipto 2308 ip from 28.0.0.0/6 to any add 2400 skipto 2408 ip from any to 28.0.0.0/6 add 2300 skipto 2309 ip from 32.0.0.0/6 to any add 2400 skipto 2409 ip from any to 32.0.0.0/6 add 2300 skipto 2310 ip from 36.0.0.0/6 to any add 2400 skipto 2410 ip from any to 36.0.0.0/6 add 2300 skipto 2311 ip from 40.0.0.0/6 to any add 2400 skipto 2411 ip from any to 40.0.0.0/6 add 2300 skipto 2312 ip from 44.0.0.0/6 to any add 2400 skipto 2412 ip from any to 44.0.0.0/6 add 2300 skipto 2313 ip from 48.0.0.0/6 to any add 2400 skipto 2413 ip from any to 48.0.0.0/6 add 2300 skipto 2314 ip from 52.0.0.0/6 to any add 2400 skipto 2414 ip from any to 52.0.0.0/6 add 2300 skipto 2315 ip from 56.0.0.0/6 to any add 2400 skipto 2415 ip from any to 56.0.0.0/6 add 2300 skipto 2316 ip from 60.0.0.0/6 to any add 2400 skipto 2416 ip from any to 60.0.0.0/6 add 2300 skipto 2317 ip from 64.0.0.0/6 to any add 2400 skipto 2417 ip from any to 64.0.0.0/6 add 2300 skipto 2318 ip from 68.0.0.0/6 to any add 2400 skipto 2418 ip from any to 68.0.0.0/6 add 2300 skipto 2319 ip from 72.0.0.0/6 to any add 2400 skipto 2419 ip from any to 72.0.0.0/6 add 2300 skipto 2320 ip from 76.0.0.0/6 to any add 2400 skipto 2420 ip from any to 76.0.0.0/6 add 2300 skipto 2321 ip from 80.0.0.0/6 to any add 2400 skipto 2421 ip from any to 80.0.0.0/6 add 2300 skipto 2322 ip from 84.0.0.0/6 to any add 2400 skipto 2422 ip from any to 84.0.0.0/6 add 2300 skipto 2323 ip from 88.0.0.0/6 to any add 2400 skipto 2423 ip from any to 88.0.0.0/6 add 2300 skipto 2324 ip from 92.0.0.0/6 to any add 2400 skipto 2424 ip from any to 92.0.0.0/6 add 2300 skipto 2325 ip from 96.0.0.0/6 to any add 2400 skipto 2425 ip from any to 96.0.0.0/6 add 2300 skipto 2326 ip from 100.0.0.0/6 to any add 2400 skipto 2426 ip from any to 100.0.0.0/6 add 2300 skipto 2327 ip from 104.0.0.0/6 to any add 2400 skipto 2427 ip from any to 104.0.0.0/6 add 2300 skipto 2328 ip from 108.0.0.0/6 to any add 2400 skipto 2428 ip from any to 108.0.0.0/6 add 2300 skipto 2329 ip from 112.0.0.0/6 to any add 2400 skipto 2429 ip from any to 112.0.0.0/6 add 2300 skipto 2330 ip from 116.0.0.0/6 to any add 2400 skipto 2430 ip from any to 116.0.0.0/6 add 2300 skipto 2331 ip from 120.0.0.0/6 to any add 2400 skipto 2431 ip from any to 120.0.0.0/6 add 2300 skipto 2332 ip from 124.0.0.0/6 to any add 2400 skipto 2432 ip from any to 124.0.0.0/6 add 2300 skipto 2333 ip from 128.0.0.0/6 to any add 2400 skipto 2433 ip from any to 128.0.0.0/6 add 2300 skipto 2334 ip from 132.0.0.0/6 to any add 2400 skipto 2434 ip from any to 132.0.0.0/6 add 2300 skipto 2335 ip from 136.0.0.0/6 to any add 2400 skipto 2435 ip from any to 136.0.0.0/6 add 2300 skipto 2336 ip from 140.0.0.0/6 to any add 2400 skipto 2436 ip from any to 140.0.0.0/6 add 2300 skipto 2337 ip from 144.0.0.0/6 to any add 2400 skipto 2437 ip from any to 144.0.0.0/6 add 2300 skipto 2338 ip from 148.0.0.0/6 to any add 2400 skipto 2438 ip from any to 148.0.0.0/6 add 2300 skipto 2339 ip from 152.0.0.0/6 to any add 2400 skipto 2439 ip from any to 152.0.0.0/6 add 2300 skipto 2340 ip from 156.0.0.0/6 to any add 2400 skipto 2440 ip from any to 156.0.0.0/6 add 2300 skipto 2341 ip from 160.0.0.0/6 to any add 2400 skipto 2441 ip from any to 160.0.0.0/6 add 2300 skipto 2342 ip from 164.0.0.0/6 to any add 2400 skipto 2442 ip from any to 164.0.0.0/6 add 2300 skipto 2343 ip from 168.0.0.0/6 to any add 2400 skipto 2443 ip from any to 168.0.0.0/6 add 2300 skipto 2344 ip from 172.0.0.0/6 to any add 2400 skipto 2444 ip from any to 172.0.0.0/6 add 2300 skipto 2345 ip from 176.0.0.0/6 to any add 2400 skipto 2445 ip from any to 176.0.0.0/6 add 2300 skipto 2346 ip from 180.0.0.0/6 to any add 2400 skipto 2446 ip from any to 180.0.0.0/6 add 2300 skipto 2347 ip from 184.0.0.0/6 to any add 2400 skipto 2447 ip from any to 184.0.0.0/6 add 2300 skipto 2348 ip from 188.0.0.0/6 to any add 2400 skipto 2448 ip from any to 188.0.0.0/6 add 2300 skipto 2349 ip from 192.0.0.0/6 to any add 2400 skipto 2449 ip from any to 192.0.0.0/6 add 2300 skipto 2350 ip from 196.0.0.0/6 to any add 2400 skipto 2450 ip from any to 196.0.0.0/6 add 2300 skipto 2351 ip from 200.0.0.0/6 to any add 2400 skipto 2451 ip from any to 200.0.0.0/6 add 2300 skipto 2352 ip from 204.0.0.0/6 to any add 2400 skipto 2452 ip from any to 204.0.0.0/6 add 2300 skipto 2353 ip from 208.0.0.0/6 to any add 2400 skipto 2453 ip from any to 208.0.0.0/6 add 2300 skipto 2354 ip from 212.0.0.0/6 to any add 2400 skipto 2454 ip from any to 212.0.0.0/6 add 2300 skipto 2355 ip from 216.0.0.0/6 to any add 2400 skipto 2455 ip from any to 216.0.0.0/6 add 2300 skipto 2356 ip from 220.0.0.0/6 to any add 2400 skipto 2456 ip from any to 220.0.0.0/6 add 2300 skipto 2357 ip from 224.0.0.0/6 to any add 2400 skipto 2457 ip from any to 224.0.0.0/6 add 2300 skipto 2358 ip from 228.0.0.0/6 to any add 2400 skipto 2458 ip from any to 228.0.0.0/6 add 2300 skipto 2359 ip from 232.0.0.0/6 to any add 2400 skipto 2459 ip from any to 232.0.0.0/6 add 2300 skipto 2360 ip from 236.0.0.0/6 to any add 2400 skipto 2460 ip from any to 236.0.0.0/6 add 2300 skipto 2361 ip from 240.0.0.0/6 to any add 2400 skipto 2461 ip from any to 240.0.0.0/6 add 2300 skipto 2362 ip from 244.0.0.0/6 to any add 2400 skipto 2462 ip from any to 244.0.0.0/6 add 2300 skipto 2363 ip from 248.0.0.0/6 to any add 2400 skipto 2463 ip from any to 248.0.0.0/6 add 2300 skipto 2364 ip from 252.0.0.0/6 to any add 2400 skipto 2464 ip from any to 252.0.0.0/6 add 2301 deny ip from 3.0.0.0/8 to any add 2401 reject ip from any to 3.0.0.0/8 add 2302 deny ip from 4.0.25.146/31 to any add 2402 reject ip from any to 4.0.25.146/31 add 2302 deny ip from 4.0.25.148/32 to any add 2402 reject ip from any to 4.0.25.148/32 add 2302 deny ip from 4.0.26.14/31 to any add 2402 reject ip from any to 4.0.26.14/31 add 2302 deny ip from 4.0.26.16/28 to any add 2402 reject ip from any to 4.0.26.16/28 add 2302 deny ip from 4.0.26.32/27 to any add 2402 reject ip from any to 4.0.26.32/27 add 2302 deny ip from 4.0.26.64/26 to any add 2402 reject ip from any to 4.0.26.64/26 add 2302 deny ip from 4.0.26.128/25 to any add 2402 reject ip from any to 4.0.26.128/25 add 2302 deny ip from 4.0.27.0/24 to any add 2402 reject ip from any to 4.0.27.0/24 add 2302 deny ip from 4.0.28.0/24 to any add 2402 reject ip from any to 4.0.28.0/24 add 2302 deny ip from 4.0.29.0/28 to any add 2402 reject ip from any to 4.0.29.0/28 add 2302 deny ip from 4.0.29.16/29 to any add 2402 reject ip from any to 4.0.29.16/29 add 2302 deny ip from 4.0.29.24/32 to any add 2402 reject ip from any to 4.0.29.24/32 add 2302 deny ip from 4.2.144.64/27 to any add 2402 reject ip from any to 4.2.144.64/27 add 2302 deny ip from 4.2.144.224/29 to any add 2402 reject ip from any to 4.2.144.224/29 add 2302 deny ip from 4.2.144.248/29 to any add 2402 reject ip from any to 4.2.144.248/29 add 2302 deny ip from 4.2.145.224/28 to any add 2402 reject ip from any to 4.2.145.224/28 add 2302 deny ip from 4.2.153.0/29 to any add 2402 reject ip from any to 4.2.153.0/29 add 2302 deny ip from 4.2.153.32/27 to any add 2402 reject ip from any to 4.2.153.32/27 add 2302 deny ip from 4.2.160.64/28 to any add 2402 reject ip from any to 4.2.160.64/28 add 2302 deny ip from 4.2.161.0/29 to any add 2402 reject ip from any to 4.2.161.0/29 add 2302 deny ip from 4.2.161.64/29 to any add 2402 reject ip from any to 4.2.161.64/29 add 2302 deny ip from 4.2.162.128/29 to any add 2402 reject ip from any to 4.2.162.128/29 add 2302 deny ip from 4.2.162.144/29 to any add 2402 reject ip from any to 4.2.162.144/29 add 2302 deny ip from 4.2.162.160/27 to any add 2402 reject ip from any to 4.2.162.160/27 add 2302 deny ip from 4.2.163.96/27 to any add 2402 reject ip from any to 4.2.163.96/27 add 2302 deny ip from 4.2.169.0/26 to any add 2402 reject ip from any to 4.2.169.0/26 add 2302 deny ip from 4.2.169.64/27 to any add 2402 reject ip from any to 4.2.169.64/27 add 2302 deny ip from 4.2.169.112/29 to any add 2402 reject ip from any to 4.2.169.112/29 add 2302 deny ip from 4.2.169.128/25 to any add 2402 reject ip from any to 4.2.169.128/25 add 2302 deny ip from 4.2.170.32/27 to any add 2402 reject ip from any to 4.2.170.32/27 add 2302 deny ip from 4.2.170.144/29 to any add 2402 reject ip from any to 4.2.170.144/29 add 2302 deny ip from 4.2.172.0/24 to any add 2402 reject ip from any to 4.2.172.0/24 add 2302 deny ip from 4.2.173.32/27 to any add 2402 reject ip from any to 4.2.173.32/27 add 2302 deny ip from 4.2.176.32/27 to any add 2402 reject ip from any to 4.2.176.32/27 add 2302 deny ip from 4.2.176.64/29 to any add 2402 reject ip from any to 4.2.176.64/29 add 2302 deny ip from 4.2.176.88/29 to any add 2402 reject ip from any to 4.2.176.88/29 add 2302 deny ip from 4.2.176.96/27 to any add 2402 reject ip from any to 4.2.176.96/27 add 2302 deny ip from 4.2.179.32/28 to any add 2402 reject ip from any to 4.2.179.32/28 add 2302 deny ip from 4.2.179.192/27 to any add 2402 reject ip from any to 4.2.179.192/27 add 2302 deny ip from 4.2.179.232/29 to any add 2402 reject ip from any to 4.2.179.232/29 add 2302 deny ip from 4.2.184.0/23 to any add 2402 reject ip from any to 4.2.184.0/23 add 2302 deny ip from 4.2.186.0/24 to any add 2402 reject ip from any to 4.2.186.0/24 add 2302 deny ip from 4.2.188.96/29 to any add 2402 reject ip from any to 4.2.188.96/29 add 2302 deny ip from 4.2.188.128/25 to any add 2402 reject ip from any to 4.2.188.128/25 add 2302 deny ip from 4.2.189.0/24 to any add 2402 reject ip from any to 4.2.189.0/24 add 2302 deny ip from 4.2.192.0/28 to any add 2402 reject ip from any to 4.2.192.0/28 add 2302 deny ip from 4.2.192.64/28 to any add 2402 reject ip from any to 4.2.192.64/28 add 2302 deny ip from 4.2.192.96/27 to any add 2402 reject ip from any to 4.2.192.96/27 add 2302 deny ip from 4.2.192.192/27 to any add 2402 reject ip from any to 4.2.192.192/27 add 2302 deny ip from 4.2.193.0/25 to any add 2402 reject ip from any to 4.2.193.0/25 add 2302 deny ip from 4.2.224.0/29 to any add 2402 reject ip from any to 4.2.224.0/29 add 2302 deny ip from 4.2.224.32/27 to any add 2402 reject ip from any to 4.2.224.32/27 add 2302 deny ip from 4.2.224.64/26 to any add 2402 reject ip from any to 4.2.224.64/26 add 2302 deny ip from 4.2.225.80/29 to any add 2402 reject ip from any to 4.2.225.80/29 add 2302 deny ip from 4.2.225.248/29 to any add 2402 reject ip from any to 4.2.225.248/29 add 2302 deny ip from 4.2.226.152/29 to any add 2402 reject ip from any to 4.2.226.152/29 add 2302 deny ip from 4.2.227.0/26 to any add 2402 reject ip from any to 4.2.227.0/26 add 2302 deny ip from 4.2.227.72/29 to any add 2402 reject ip from any to 4.2.227.72/29 add 2302 deny ip from 4.2.227.80/29 to any add 2402 reject ip from any to 4.2.227.80/29 add 2302 deny ip from 4.2.227.128/29 to any add 2402 reject ip from any to 4.2.227.128/29 add 2302 deny ip from 4.17.1.64/27 to any add 2402 reject ip from any to 4.17.1.64/27 add 2302 deny ip from 4.17.2.0/25 to any add 2402 reject ip from any to 4.17.2.0/25 add 2302 deny ip from 4.17.2.240/28 to any add 2402 reject ip from any to 4.17.2.240/28 add 2302 deny ip from 4.17.3.128/26 to any add 2402 reject ip from any to 4.17.3.128/26 add 2302 deny ip from 4.17.24.0/22 to any add 2402 reject ip from any to 4.17.24.0/22 add 2302 deny ip from 4.17.28.0/24 to any add 2402 reject ip from any to 4.17.28.0/24 add 2302 deny ip from 4.17.71.200/29 to any add 2402 reject ip from any to 4.17.71.200/29 add 2302 deny ip from 4.17.130.32/27 to any add 2402 reject ip from any to 4.17.130.32/27 add 2302 deny ip from 4.17.130.88/29 to any add 2402 reject ip from any to 4.17.130.88/29 add 2302 deny ip from 4.17.137.224/27 to any add 2402 reject ip from any to 4.17.137.224/27 add 2302 deny ip from 4.17.140.48/28 to any add 2402 reject ip from any to 4.17.140.48/28 add 2302 deny ip from 4.17.150.112/28 to any add 2402 reject ip from any to 4.17.150.112/28 add 2302 deny ip from 4.17.157.0/24 to any add 2402 reject ip from any to 4.17.157.0/24 add 2302 deny ip from 4.17.159.64/26 to any add 2402 reject ip from any to 4.17.159.64/26 add 2302 deny ip from 4.17.160.160/28 to any add 2402 reject ip from any to 4.17.160.160/28 add 2302 deny ip from 4.17.160.240/29 to any add 2402 reject ip from any to 4.17.160.240/29 add 2302 deny ip from 4.17.168.192/26 to any add 2402 reject ip from any to 4.17.168.192/26 add 2302 deny ip from 4.17.172.64/27 to any add 2402 reject ip from any to 4.17.172.64/27 add 2302 deny ip from 4.17.175.32/27 to any add 2402 reject ip from any to 4.17.175.32/27 add 2302 deny ip from 4.17.180.0/23 to any add 2402 reject ip from any to 4.17.180.0/23 add 2302 deny ip from 4.17.183.128/25 to any add 2402 reject ip from any to 4.17.183.128/25 add 2302 deny ip from 4.17.192.0/27 to any add 2402 reject ip from any to 4.17.192.0/27 add 2302 deny ip from 4.17.192.64/28 to any add 2402 reject ip from any to 4.17.192.64/28 add 2302 deny ip from 4.17.192.128/25 to any add 2402 reject ip from any to 4.17.192.128/25 add 2302 deny ip from 4.17.193.112/28 to any add 2402 reject ip from any to 4.17.193.112/28 add 2302 deny ip from 4.17.193.128/25 to any add 2402 reject ip from any to 4.17.193.128/25 add 2302 deny ip from 4.17.222.96/27 to any add 2402 reject ip from any to 4.17.222.96/27 add 2302 deny ip from 4.17.229.0/27 to any add 2402 reject ip from any to 4.17.229.0/27 add 2302 deny ip from 4.17.232.0/24 to any add 2402 reject ip from any to 4.17.232.0/24 add 2302 deny ip from 4.18.0.0/24 to any add 2402 reject ip from any to 4.18.0.0/24 add 2302 deny ip from 4.18.5.128/26 to any add 2402 reject ip from any to 4.18.5.128/26 add 2302 deny ip from 4.18.6.32/27 to any add 2402 reject ip from any to 4.18.6.32/27 add 2302 deny ip from 4.18.26.0/25 to any add 2402 reject ip from any to 4.18.26.0/25 add 2302 deny ip from 4.18.26.128/29 to any add 2402 reject ip from any to 4.18.26.128/29 add 2302 deny ip from 4.18.32.16/28 to any add 2402 reject ip from any to 4.18.32.16/28 add 2302 deny ip from 4.18.32.80/28 to any add 2402 reject ip from any to 4.18.32.80/28 add 2302 deny ip from 4.18.32.96/27 to any add 2402 reject ip from any to 4.18.32.96/27 add 2302 deny ip from 4.18.32.128/27 to any add 2402 reject ip from any to 4.18.32.128/27 add 2302 deny ip from 4.18.32.208/29 to any add 2402 reject ip from any to 4.18.32.208/29 add 2302 deny ip from 4.18.32.224/28 to any add 2402 reject ip from any to 4.18.32.224/28 add 2302 deny ip from 4.18.34.0/27 to any add 2402 reject ip from any to 4.18.34.0/27 add 2302 deny ip from 4.18.34.136/29 to any add 2402 reject ip from any to 4.18.34.136/29 add 2302 deny ip from 4.18.34.224/29 to any add 2402 reject ip from any to 4.18.34.224/29 add 2302 deny ip from 4.18.35.16/29 to any add 2402 reject ip from any to 4.18.35.16/29 add 2302 deny ip from 4.18.35.48/28 to any add 2402 reject ip from any to 4.18.35.48/28 add 2302 deny ip from 4.18.35.200/29 to any add 2402 reject ip from any to 4.18.35.200/29 add 2302 deny ip from 4.18.35.224/27 to any add 2402 reject ip from any to 4.18.35.224/27 add 2302 deny ip from 4.18.36.0/26 to any add 2402 reject ip from any to 4.18.36.0/26 add 2302 deny ip from 4.18.37.16/28 to any add 2402 reject ip from any to 4.18.37.16/28 add 2302 deny ip from 4.18.37.128/25 to any add 2402 reject ip from any to 4.18.37.128/25 add 2302 deny ip from 4.18.38.0/24 to any ------------------------------------end ruleset Will the above rules block me from ssh into my remote server if the ip addresses of my local pc (dynamic ip) not within any of the above rules ip range as well as block my snmpd services? -----Original Message----- From: Dan Nelson [mailto:dnelson@allantgroup.com] Sent: Sunday, August 26, 2007 5:14 AM To: Aminuddin Cc: freebsd-questions@freebsd.org Subject: Re: How to block 200K ip addresses? In the last episode (Aug 26), Aminuddin said: > How do you block this large range of ip addresses from different > subnet? IPFW only allows 65536 rules while this will probably use up > a few hundred thousands of lines. > > I'm also trying to add this into my proxy configuration file, ss5.conf but > it doesn't allow me to add this large number. > > IS this the limitation of IPF or FreeBSD? How do I work around this? Even though there are 65536 rule numbers, each number can actually have any amount of rules assigned to it. What you're probably looking for, though, is ipfw's table keyword, which uses the same radix tree lookup format as the kernel's routing tables, so it scales well to large amounts of sparse addresses. man ipfw, search for "lookup tables". -- Dan Nelson dnelson@allantgroup.com