Date:      Thu, 14 Sep 2006 17:21:08 +0200
From:      Willem Jan Withagen <wjw@withagen.nl>
To:        Barney Wolff <barney@databus.com>
Cc:        Willem Jan Withagen <wjw@digiware.nl>, freebsd-net@freebsd.org
Subject:   Re: blocking a string in a packet using ipfw
Message-ID:  <45097364.1090905@withagen.nl>
In-Reply-To: <20060914150902.GA17230@pit.databus.com>
References:  <4509592A.3040602@digiware.nl> <20060914134611.GW76403@catpipe.net> <20060914150902.GA17230@pit.databus.com>

Barney Wolff wrote:
> On Thu, Sep 14, 2006 at 03:46:12PM +0200, Phil Regnauld wrote:
>> Willem Jan Withagen (wjw) writes:
>>> Now I'm pretty sure that ipfw does not stretch indefinitely to contain
>>> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
>> 	Actually, it should.
> 
> I have over 600000 addresses in an ipfw table with no observable trouble.
> But that rule is triggered only about 10000 times a day (part of a spam
> blocker).

Well actually it does work. So once again, I'm impressed by FreeBSD.
What no longer really works is 'ipfw l' since that takes longer than I care to 
wait for it.

Forgot to mention: 4.7-PRERELEASE :(
It's a box that I "inherited", and it has been supposed to go away/be upgraded
for too long already.
It is so old, I only dare fix the most essential security, for fear of breaking 
or trashing the system. This however helps as a stick to get things moving.

--WjW



