Date: Wed, 14 Jan 2009 10:44:03 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: Artem Kuchin <matrix@itlegion.ru>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID: <20090114164403.GH57874@dan.emsphone.com>
In-Reply-To: <496E117D.8030306@itlegion.ru>
References: <496E117D.8030306@itlegion.ru>
In the last episode (Jan 14), Artem Kuchin said:
> I need to block around 150000 IP addresses from accessing the server at
> all at any port. The addresses are random, they are not nets. These
> are the spammers I want to block for 24 hours. The list is dynamically
> generated and regenerated every hour or so. What is the most
> efficient way to do it? At first I thought of doing ipfw rules using 5
> IPs per rule, that would result in 30000 rules! This will be too
> slow! I need something really quick and smart. Like matching the
> first number from the IP (195 from 192.1.2.3), if it does not match,
> skip, if it does, compare the next one and so on.

Take a look at the ipfw manpage, the LOOKUP TABLES section.  You can
add/remove entries on the fly if you need to, and for an efficient full
replacement, create a file with contents like:

    table 1 flush
    table 1 add 1.2.3.4
    table 1 add 2.3.4.5

etc, then load it with "ipfw -f file.txt".

-- 
	Dan Nelson
	dnelson@allantgroup.com
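As an added example (not part of Dan Nelson's reply and not ipfw's own code), the following POSIX sh script builds the table command file the reply describes from a plain list of addresses, one per line, and validates every entry before it is written. The validation matters because the generated file is executed by ipfw: a stray line in a machine-generated blocklist would otherwise be run as a firewall command. The /sbin/ipfw path, the rule number 100, the list file path and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list reply or from ipfw(8): turn a
# newline-separated list of IPv4 addresses into the "table N flush / table N
# add" command file that "ipfw -f file" loads in one run, rejecting any line
# that is not a bare dotted-quad address.  Paths, rule number and the sample
# list below are assumptions, not values from the thread.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read addresses on stdin and print the command file for table $1: a flush
# followed by one "add" per valid address.  Blank lines and "#" comments are
# skipped; anything else that is not a bare IPv4 address is reported on
# stderr and dropped, and the function returns 1 so the caller can refuse to
# load a list that contained junk.  Runs in a subshell so "set -f" is local.
build_table_script() (
    set -f                          # no globbing when splitting lines
    table=$1
    rejected=0
    echo "table $table flush"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop trailing "# comment"
        set -- $line                # split on whitespace, trimming it
        [ $# -gt 0 ] || continue    # blank line
        if [ $# -eq 1 ] && valid_ipv4 "$1"; then
            echo "table $table add $1"
        else
            echo "rejected: $line" >&2
            rejected=$((rejected + 1))
        fi
    done
    [ "$rejected" -eq 0 ]
)

# Generate the file and hand it to ipfw in one run, refusing the whole list
# if any line was rejected.  Assumes FreeBSD, root, and that a rule such as
#     ipfw add 100 deny ip from table(1) to any
# already consults the table (rule number is an assumption).  IPFW can be
# pointed at a wrapper script for a dry run.
IPFW=${IPFW:-/sbin/ipfw}
load_blocklist() {
    tmp=$(mktemp) || return 1
    if build_table_script "$1" < "$2" > "$tmp"; then
        "$IPFW" -f "$tmp"
        rc=$?
    else
        echo "blocklist $2 not loaded: invalid entries" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample list (RFC 5737 documentation addresses, not real
# spammers), including the kinds of lines validation exists to catch.
SAMPLE_LIST='# constructed sample blocklist
203.0.113.10
198.51.100.77      # trailing comment is fine
256.1.1.1          # octet out of range: rejected
10.0.0.1 extra     # two tokens: rejected
flush              # would be run by ipfw verbatim: rejected
192.0.2.200
'

# Usage:  printf '%s' "$SAMPLE_LIST" | build_table_script 1
#         load_blocklist 1 /var/db/spammers.txt    (path is an assumption)
```

One caveat for a list this size: flushing and re-adding leaves a short window in which the table is partly empty. If that matters, load the new list into a second table and switch the deny rule over to it once the load has succeeded.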