From: Jos Backus
To: freebsd-net@freebsd.org
Date: Tue, 21 Oct 2003 19:26:04 -0700
Subject: Filtering question: checking for many addresses in a single rule?
Message-ID: <20031022022626.GA91044@lizzy.catnook.com>

If one has many (thousands) hosts/addresses that the same filter action needs
to be taken for, what would be the most efficient way to implement this using,
say, ipfw or ipfilter?

I'm referring to the ability to create/load a large hashed set of addresses
and a way to refer to the set in a filter rule. So rather than having many
rules that need to be scanned sequentially there would only be one rule and
the matching mechanism would use a hash table instead.

Thoughts?

-- 
Jos Backus
Sunnyvale, CA
jos at catnook.com
require 'std/disclaimer'
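
The mechanism asked about above, as an added example that is not part of the original message and not ipfw or ipfilter code: a sequential scan of one rule per address next to a single rule that consults a hashed address set. All names (addr_set, set_add, set_contains, linear_match, lookup_both), the hash function and the 4000 sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define N_ADDRS   4000u   /* constructed sample: 10.0.0.0 .. 10.0.15.159 */
#define SET_SLOTS 8192u   /* power of two; assumed never full (under 50% load) */

/* Hypothetical address set: open-addressing hash table of IPv4 addresses. */
struct addr_set { uint32_t slot[SET_SLOTS]; uint8_t used[SET_SLOTS]; };
struct result { int hit_linear, hit_set; unsigned cmps, probes; };

static uint32_t hash_addr(uint32_t a) {
    a ^= a >> 16; a *= 0x45d9f3bu; a ^= a >> 16;   /* integer bit mixer */
    return a & (SET_SLOTS - 1);
}

/* Walk the probe chain: returns the slot holding addr, or the first empty one. */
static uint32_t find_slot(const struct addr_set *s, uint32_t addr, unsigned *probes) {
    uint32_t i = hash_addr(addr);
    for ((*probes)++; s->used[i] && s->slot[i] != addr; (*probes)++)
        i = (i + 1) & (SET_SLOTS - 1);
    return i;
}

void set_add(struct addr_set *s, uint32_t addr) {
    unsigned p = 0; uint32_t i = find_slot(s, addr, &p);
    s->slot[i] = addr; s->used[i] = 1;             /* re-adding is harmless */
}

/* Membership test behind the single set-based rule; counts slots examined. */
int set_contains(const struct addr_set *s, uint32_t addr, unsigned *probes) {
    return s->used[find_slot(s, addr, probes)];
}

/* Baseline: one rule per address, scanned in order; counts comparisons. */
int linear_match(const uint32_t *rules, size_t n, uint32_t addr, unsigned *cmps) {
    for (size_t i = 0; i < n; i++) { (*cmps)++; if (rules[i] == addr) return 1; }
    return 0;
}

/* Build both forms from the constructed sample and look up one source address. */
struct result lookup_both(uint32_t addr) {
    static struct addr_set set;          /* static storage starts zeroed */
    static uint32_t rules[N_ADDRS];
    struct result r = {0, 0, 0, 0};
    for (uint32_t i = 0; i < N_ADDRS; i++) set_add(&set, rules[i] = 0x0A000000u + i);
    r.hit_linear = linear_match(rules, N_ADDRS, addr, &r.cmps);
    r.hit_set = set_contains(&set, addr, &r.probes);
    return r;
}
```

Both matchers return the same verdict; the difference is in `cmps` versus `probes`, which is largest for addresses near the end of the rule list or absent from it.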