Date:      Sun, 11 Jun 2006 14:36:34 +0100
From:      Howard Jones <howie@thingy.com>
To:        "Dan Mahoney, System Admin" <danm@prime.gushi.org>,  freebsd-questions@freebsd.org
Subject:   Re: [freebsd-questions] Deny large number of IPs via ipfw
Message-ID:  <448C1C62.90806@thingy.com>
In-Reply-To: <20060611083416.A86148@prime.gushi.org>
References:  <20060611083416.A86148@prime.gushi.org>

Dan Mahoney, System Admin wrote:
> Hey all,
>
> I've got a file that I just synced from a major RBL, and I'd like to 
> just use it to globally deny access to my system.  Is there an easy 
> way to do this within ipfw -- the file is about 3 *million* lines, and 
> is from cbl.abuseat.org.
I do similar things using IPFW2's tables:

table 1 flush
table 1 add firstip
table 1 add 3millionthip
add deny tcp from table(1) to me 25

ipfw tables use the same lookup structure as the FreeBSD routing table, 
so it's got to be reasonably efficient. I've never used it with quite 
that many entries though!

Chances are, you can aggregate your address list to reduce it somewhat 
though.

Have fun,

Howie
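An added example of the aggregation step Howie mentions (not code from his message or the thread): it collapses a one-address-per-line list into the fewest CIDR blocks and prints the same `table N flush` / `table N add` commands for feeding to `ipfw -q /dev/stdin` or an ipfw rules file. The blocklist below is constructed, not real CBL data.

```python
"""Aggregate a one-IP-per-line blocklist into CIDR blocks and emit the
ipfw table commands to load it. Added example; sample data is constructed."""
import ipaddress
import sys

# Constructed sample: a contiguous /30, a duplicate, a lone host,
# two halves of a /31, a comment line and a junk line.
SAMPLE_LIST = """\
# constructed sample blocklist
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.2
198.51.100.7
203.0.113.8
203.0.113.9
not-an-address
"""


def parse_addresses(text):
    """Yield ip_network objects for valid lines; skip comments and junk."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        try:
            yield ipaddress.ip_network(line, strict=False)
        except ValueError:
            print(f"line {lineno}: skipping {raw!r}", file=sys.stderr)


def aggregate(text):
    """Collapse adjacent/duplicate entries into the fewest CIDR blocks,
    per address family (collapse_addresses refuses mixed v4/v6 input)."""
    nets = list(parse_addresses(text))
    out = []
    for version in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out


def ipfw_table_script(text, table=1):
    """Return the ipfw commands: flush the table, then add each block."""
    lines = [f"table {table} flush"]
    lines += [f"table {table} add {net.with_prefixlen}" for net in aggregate(text)]
    return lines


if __name__ == "__main__":
    src = SAMPLE_LIST if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(ipfw_table_script(src)))
```

Pipe a real list in on stdin (`python3 aggregate.py < cbl.txt | ipfw -q /dev/stdin`) to load it; with no stdin it runs on the constructed sample.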