Date:      Sun, 26 Aug 2007 01:26:44 -0500
From:      CyberLeo Kitsana <cyberleo@cyberleo.net>
To:        Kevin Downey <redchin@gmail.com>
Cc:        Dan Nelson <dnelson@allantgroup.com>, amin.scg@gmail.com, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: How to block 200K ip addresses?
Message-ID:  <46D11D24.4070206@cyberleo.net>
In-Reply-To: <1d3ed48c0708252238u1f1adfdfpa69af42b5796c36b@mail.gmail.com>
References:  <20070826013636.GC25055@dan.emsphone.com>	<46d10500.1ebc720a.304c.1e2f@mx.google.com> <1d3ed48c0708252238u1f1adfdfpa69af42b5796c36b@mail.gmail.com>

Kevin Downey wrote:
> I would use the pf firewall, it has an option to fill tables from a file like:
> 
> table <evil> persist file "/root/evil.txt"
> 
> kpd@zifnab /root% wc -l evil.txt
>   178438 evil.txt
> 
> so it's not 300k lines but it takes seconds to load.

I attempted something similar with a digest of a PeerGuardian database
reworked with tableutil-0.6. The resultant file had 157,546 subnet
declarations in it.

When I attempted to populate a pf table with the file on 6.2-RELEASE, it
thought about it for a few seconds, then happily reported:

pfctl: Cannot allocate memory.

I never pared it down to see where the actual limit was for my hardware,
though, as a partial PeerGuardian list is pretty much useless.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/
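
An added example, not part of the thread: before handing a list of this size to a pf table, overlapping and adjacent subnets can be merged so that fewer entries have to be allocated. It assumes the one-address-or-CIDR-per-line file layout with `#` comments; `compact_blocklist` and the sample data are constructed here, and whether the reduced list then loads on a given system is not something the thread establishes.

```python
import ipaddress

# Constructed sample in table-file layout: one address or CIDR per line,
# '#' starts a comment. Documentation ranges only, not a real blocklist.
SAMPLE = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25        # sibling of the line above, merges into a /24
198.51.100.0/24
198.51.100.17         # host already covered by the /24
203.0.113.4/30
203.0.113.8/30        # adjacent but not aligned, cannot merge
2001:db8::/33
2001:db8:8000::/33
not-an-address
!192.0.2.64/26
"""

def compact_blocklist(text):
    """Return (entries_read, collapsed_networks, rejected_lines)."""
    nets = {4: [], 6: []}
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing: a prefix with host bits set is rejected rather
            # than silently widened, so the blocked range never grows.
            net = ipaddress.ip_network(entry)
        except ValueError:
            # Hostnames and negated (!) entries end up here for manual review;
            # merging around a negated entry could change what the table matches.
            rejected.append((lineno, entry))
            continue
        nets[net.version].append(net)
    entries_read = len(nets[4]) + len(nets[6])
    collapsed = []
    for version in (4, 6):  # collapse_addresses refuses mixed address families
        collapsed.extend(ipaddress.collapse_addresses(nets[version]))
    return entries_read, collapsed, rejected

if __name__ == "__main__":
    read, collapsed, rejected = compact_blocklist(SAMPLE)
    for net in collapsed:
        print(net)
    print(f"# {read} entries read, {len(collapsed)} written, {len(rejected)} rejected")
```

The merged output covers exactly the same addresses as the accepted input lines; only the entry count changes.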