Date: Wed, 14 Jan 2009 20:30:53 -0800 From: mojo fms <fbsdlilly@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Blocking very many (tens of thousands) ip addresses in ipfw Message-ID: <f151ba00901142030s6a5a5ccm9d03bd8d742920ca@mail.gmail.com> In-Reply-To: <496E1D22.9070106@ibctech.ca> References: <496E117D.8030306@itlegion.ru> <200901141801.45996.pieter@degoeje.nl> <496E1D22.9070106@ibctech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Is this kind of thing doable with PF or really a ipfw thing more? On Wed, Jan 14, 2009 at 9:13 AM, Steve Bertrand <steve@ibctech.ca> wrote: > Pieter de Goeje wrote: > > On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote: > >> I need to block around 150000 ip addreses from acccess the server at all > >> at any port. The addesses are random, they are not nets. > >> These are the spammer i want to block for 24 hours. > >> The list is dynamically generated and regenerated every hour or so. > >> What is the most efficient way to do it? > >> At first i thought doing ipfw rules using 5 ips per rule, that would > >> result in 30000 rules! This will be too slow! > >> I need to something really quick and smart. Like matching the first > >> number from ip (195 from 192.1.2.3), > >> if it does not match - skip, if it does - compare the next one > >> and so on. > > > > Quoting ipfw(8): > > LOOKUP TABLES > > Lookup tables are useful to handle large sparse address sets, > typically > > from a hundred to several thousands of entries. There may be up to > 128 > > different lookup tables, numbered 0 to 127. > > > > net.inet.ip.fw.dyn_buckets should probably also be increased to > efficiently > > handle 150k IPs. > > Please correct me if I'm wrong, but if the OP is going to drop all > traffic immediately from the 150k IPs, then dyn_buckets shouldn't come > into play, as there is no dynamic rule generated. > > Steve > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f151ba00901142030s6a5a5ccm9d03bd8d742920ca>