From: Pieter de Goeje <pieter@degoeje.nl>
To: freebsd-questions@freebsd.org
Cc: Artem Kuchin
Date: Wed, 14 Jan 2009 18:01:45 +0100
Subject: Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-Id: <200901141801.45996.pieter@degoeje.nl>
In-Reply-To: <496E117D.8030306@itlegion.ru>

On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote:
> I need to block around 150000 IP addresses from accessing the server at all,
> at any port. The addresses are random, they are not nets.
> These are the spammers I want to block for 24 hours.
> The list is dynamically generated and regenerated every hour or so.
> What is the most efficient way to do it?
>
> At first I thought of doing ipfw rules using 5 IPs per rule, that would
> result in 30000 rules! This will be too slow!
> I need something really quick and smart. Like matching the first
> number from the IP (195 from 192.1.2.3),
> if it does not match - skip, if it does - compare the next one
> and so on.

Quoting ipfw(8):

     LOOKUP TABLES
     Lookup tables are useful to handle large sparse address sets, typically
     from a hundred to several thousands of entries. There may be up to 128
     different lookup tables, numbered 0 to 127.

net.inet.ip.fw.dyn_buckets should probably also be increased to efficiently
handle 150k IPs.

-- 
Pieter de Goeje
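The following script is an added example, not code from either poster, showing how a single ipfw rule backed by a lookup table can carry the hourly regenerated block list instead of tens of thousands of rules. It assumes the ipfw(8) table syntax `table N add|delete addr[/mask]` and the match form `from table(N)`; table number 1 and rule number 100 are arbitrary choices, the sample address lists are constructed, and the generated commands are only printed so the script runs without root or a FreeBSD kernel. Rather than flushing and reloading the table every hour, it computes the difference between the previous and the new snapshot and emits only the needed `add` and `delete` commands, so addresses present in both lists stay blocked during the update.

```shell
#!/bin/sh
# Added example (not from the thread): keep an ipfw lookup table in sync
# with an hourly regenerated list of blocked hosts.
# Assumed syntax: "ipfw table N add ADDR", "ipfw table N delete ADDR",
# "ipfw add RULE deny ip from table(N) to any".  TABLE and RULE are
# arbitrary example values.
LC_ALL=C
export LC_ALL

TABLE=1
RULE=100

# Keep only lines that look like an IPv4 address or CIDR prefix; comments,
# blank lines and garbage are dropped.  Output is sorted and unique so the
# two snapshots can be compared with comm(1).
clean_list() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' "$1" | sort -u
}

# One-time setup: a single rule consulting the table.  The per-packet cost
# is a table lookup, not a walk over one rule per address.
setup_rules() {
    printf 'add %s deny ip from table(%s) to any\n' "$RULE" "$TABLE"
}

# Emit the ipfw batch that moves the table from the state in $1 (previous
# list) to the state in $2 (new list).  Only differences are emitted:
# entries that disappeared are deleted, new entries are added, and the
# rest are left alone, so there is no window in which nothing is blocked.
table_delta() {
    old=$(mktemp) && new=$(mktemp) || return 1
    clean_list "$1" >"$old"
    clean_list "$2" >"$new"
    # lines only in the old snapshot -> delete
    comm -23 "$old" "$new" | sed "s|^|table $TABLE delete |"
    # lines only in the new snapshot -> add
    comm -13 "$old" "$new" | sed "s|^|table $TABLE add |"
    rm -f "$old" "$new"
}

# Demonstration on two constructed snapshots (documentation-range
# addresses); prints the batch that would be fed to ipfw.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed: last hour' 198.51.100.7 203.0.113.9 \
        192.0.2.44 >"$dir/old.txt"
    printf '%s\n' 203.0.113.9 192.0.2.44 198.51.100.250 'not-an-ip' \
        >"$dir/new.txt"
    table_delta "$dir/old.txt" "$dir/new.txt"
    rm -rf "$dir"
}

demo
```

On a live system the batch would be applied with `table_delta last.txt current.txt | ipfw -q /dev/stdin` (ipfw reads a command file given as a path argument; `/dev/stdin` is an assumption that it may be used that way) after `setup_rules | ipfw -q /dev/stdin` has installed the rule once. For a 24-hour ban the list generator simply stops emitting an address once it has aged out, and the next delta removes it from the table.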