Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Sep 2006 14:08:12 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Willem Jan Withagen <wjw@withagen.nl>
Cc:        Barney Wolff <barney@databus.com>, freebsd-net@freebsd.org, Willem Jan Withagen <wjw@digiware.nl>
Subject:   Re: blocking a string in a packet using ipfw
Message-ID:  <4509C4BC.3090000@elischer.org>
In-Reply-To: <45097364.1090905@withagen.nl>
References:  <4509592A.3040602@digiware.nl> <20060914134611.GW76403@catpipe.net>	<20060914150902.GA17230@pit.databus.com> <45097364.1090905@withagen.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
Willem Jan Withagen wrote:

> Barney Wolff wrote:
>
>> On Thu, Sep 14, 2006 at 03:46:12PM +0200, Phil Regnauld wrote:
>>
>>> Willem Jan Withagen (wjw) writes:
>>>
>>>> Now I'm pretty shure that ipfw does not stretch indefinitely to 
>>>> contain
>>>> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
>>>
>>>     Actually, it should.
>>
>>
>> I have over 600000 addresses in an ipfw table with no observable 
>> trouble.
>> But that rule is triggered only about 10000 times a day (part of a spam
>> blocker).
>
>
> Well actually it does work. So once again, I'm impressed by FreeBSD.
> What no longer really works is 'ipfw l' since that takes longer than I 
> care to wait for it.
>
> Forgot to mention: 4.7-PRERELEASE :(


ugh... no tables
and 45000 lines will be bad.

load an old PC with 6.2
and seet it up as a bridge with 2 interfaces.
and use ipfw table to filter on the bridge

> It's a box that I "inherited", and is supposed to go away/upgrade for 
> already too long.
> It is so old, I only dear fix the most essential security, in fear of 
> breaking or trashing the system. This however helps as a stick to get 
> things moving.
>
> --WjW
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4509C4BC.3090000>