Date:      Tue, 20 Jun 2006 15:22:46 -0600
From:      Brett Glass <brett@lariat.org>
To:        Luigi Rizzo <rizzo@icir.org>, net@freebsd.org, Phil Regnauld <regnauld@catpipe.net>
Subject:   Re: Best way to block a long list of IPs?
Message-ID:  <7.0.1.0.2.20060620151013.042be3f8@lariat.org>
In-Reply-To: <20060620140722.A1192@xorpc.icir.org>
References:  <7.0.1.0.2.20060620143845.06662330@lariat.org> <20060620205730.GC3968@catpipe.net> <20060620140722.A1192@xorpc.icir.org>

At 03:07 PM 6/20/2006, Luigi Rizzo wrote:
 
>there are efficient tables in ipfw as well, which Ruslan implemented
>some time ago -- yet another reason we should be grateful to him

How would I build a table of arbitrary IP addresses and be able
to update it atomically (i.e. add and delete individual addresses
and not lose all filtering when there was a modification)?

>and also, if your addresses are in the same /24 subnet, you can use
>the ipfw address set format which looks like this
>        1.2.3.0/24{10,20,21,30,34,55}
>and can deal in constant time for up to 256 randomly distributed hosts.

Not random enough. Each of these IP addresses could be anywhere in
the 32-bit IPv4 address range.

--Brett Glass
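
Added example, not part of the original message and not ipfw source code: a C sketch of why the quoted address set form `1.2.3.0/24{10,20,21,30,34,55}` can be matched in constant time, and why it cannot cover hosts outside one /24. The names `addr_set`, `addr_set_parse`, `addr_set_match`, `addr_set_contains` and `IP4` are hypothetical, and the base-plus-bitmap layout is an assumption about how such a set can be stored.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct addr_set { uint32_t base; uint32_t bits[8]; }; /* /24 base + 256-bit map */

/* Parse "a.b.c.0/24{n,n,...}"; returns 0, or -1 if malformed or not a /24. */
int addr_set_parse(const char *s, struct addr_set *set)
{
    unsigned a, b, c, d, len;
    int used = 0;
    *set = (struct addr_set){0};
    if (sscanf(s, "%3u.%3u.%3u.%3u/%2u{%n", &a, &b, &c, &d, &len, &used) != 5 ||
        used == 0 || a > 255 || b > 255 || c > 255 || d != 0 || len != 24)
        return -1;
    set->base = IP4(a, b, c, 0);
    for (const char *p = s + used;;) {
        char *end;
        unsigned long n;
        if (*p < '0' || *p > '9' || (n = strtoul(p, &end, 10)) > 255)
            return -1;
        set->bits[n / 32] |= UINT32_C(1) << (n % 32);
        if (*end != ',')   /* '}' must close the list and end the string */
            return (*end == '}' && end[1] == '\0') ? 0 : -1;
        p = end + 1;
    }
}

/* Constant-time membership: one masked compare, one bit test. */
int addr_set_match(const struct addr_set *set, uint32_t ip)
{
    uint32_t n = ip & 0xff;
    return (ip & 0xffffff00u) == set->base && ((set->bits[n / 32] >> (n % 32)) & 1);
}

/* Wrapper for callers holding a spec string: -1 on parse error, else 1 or 0. */
int addr_set_contains(const char *spec, uint32_t ip)
{
    struct addr_set set;
    return addr_set_parse(spec, &set) == 0 ? addr_set_match(&set, ip) : -1;
}

int main(void)
{
    const char *spec = "1.2.3.0/24{10,20,21,30,34,55}"; /* set from the quoted mail */
    printf("%d %d %d\n", addr_set_contains(spec, IP4(1, 2, 3, 21)),
           addr_set_contains(spec, IP4(1, 2, 3, 22)), addr_set_contains(spec, IP4(9, 8, 7, 21)));
    return 0;
}
```

The third probe shares a last octet with a listed host but sits in a different /24, so it never matches; a blocklist scattered across the whole IPv4 range would need one such set per /24 touched.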



