Date:      Fri, 15 Sep 2006 14:44:31 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-net@FreeBSD.ORG
Subject:   Re: blocking a string in a packet using ipfw
Message-ID:  <200609151244.k8FCiVqV016726@lurza.secnetix.de>
In-Reply-To: <450A9421.6010400@withagen.nl>

Willem Jan Withagen wrote:
 > Julian Elischer wrote:
 > > > Forgot to mention: 4.7-PRERELEASE :(
 > > 
 > > ugh... no tables
 > > and 45000 lines will be bad.

Not necessarily ...

 > Over that time I collected over 50.000 IP's which all ended up
 > in IPFW. :) The box (PIII, 750 Mhz, 512Mb) started using a lot
 > of system and interrupt time, but it survived it all.

I once wrote a small tool that took a bunch of IP addresses
on stdin and converted them into IPFW "skipto" rules forming
a binary tree.  So, in the worst case, only 32 rules had to
be checked for each packet, instead of 50,000.

Of course, with IPFW2's table feature, that tool of mine
became obsolete.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I have stopped reading Stephen King novels.
Now I just read C code instead."
        -- Richard A. O'Keefe
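
The skipto tree described in the message above, sketched as an added example (not Oliver Fromme's tool and not code from the thread): `build_tree`, `render` and `walk` are hypothetical names, the base rule number 1000 is an assumption, and `walk` only simulates ipfw's first-match scan in order to count rule checks. Each rule gets its own number here, so the list size is bounded by ipfw's 65535 rule numbers; a lookup checks at most 32 branch rules plus one leaf and one exit rule.

```python
import ipaddress

def build_tree(addresses, base=1000):
    """Build (number, action, skipto_target, source_net) rules denying the given IPv4 hosts."""
    addrs = sorted({int(ipaddress.IPv4Address(a)) for a in addresses})
    rules = []  # mutable [action, target_index, net_int, prefixlen]; target None = end of block

    def emit(group, depth):
        if len(group) == 1:
            rules.append(["deny", None, group[0], 32])   # leaf: exact host match
            rules.append(["skipto", None, 0, 0])         # no match: leave the block
            return
        # group is sorted and shares every bit above `depth`; find the bit where it splits
        while (group[0] >> (31 - depth)) & 1 == (group[-1] >> (31 - depth)) & 1:
            depth += 1
        bit = 1 << (31 - depth)
        left = [a for a in group if not a & bit]
        right = [a for a in group if a & bit]
        branch = ["skipto", None, right[0] & ~(bit - 1), depth + 1]
        rules.append(branch)         # bit set: jump forward to the right subtree
        emit(left, depth + 1)        # bit clear: fall through into the left subtree
        branch[1] = len(rules)       # right subtree starts at the next rule emitted
        emit(right, depth + 1)

    if addrs:
        emit(addrs, 0)
    number = lambda i: base + (len(rules) if i is None else i)
    return [(base + i, act, number(tgt) if act == "skipto" else None,
             ipaddress.IPv4Network((net, plen)))
            for i, (act, tgt, net, plen) in enumerate(rules)]

def render(rules):
    """Format the rules as ipfw commands; 0.0.0.0/0 is written as 'any'."""
    return [f"ipfw add {n} {act}{'' if tgt is None else ' ' + str(tgt)} ip from "
            f"{'any' if net.prefixlen == 0 else net} to any" for n, act, tgt, net in rules]

def walk(rules, src):
    """Simulate the linear first-match scan for one source: (verdict, rules_checked)."""
    src, i, checked = ipaddress.IPv4Address(src), 0, 0
    while i < len(rules):
        _, act, tgt, net = rules[i]
        checked += 1
        if src not in net:
            i += 1                     # rule does not match, try the next one
        elif act == "deny":
            return "deny", checked
        else:
            i = tgt - rules[0][0]      # skipto: numbers are consecutive from base
    return "pass", checked
```

Feeding `render(build_tree(...))` the addresses read from stdin, one per line, yields the command list to load; `walk` is there to confirm the verdicts and the per-packet check count before doing so.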
