Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jan 2009 19:23:25 +0300
From:      Artem Kuchin <matrix@itlegion.ru>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID:  <496E117D.8030306@itlegion.ru>

Next in thread | Raw E-Mail | Index | Archive | Help
I need to block around 150000 ip addreses from acccess the server at all
at any port.  The addesses are random, they are not nets.
These are the spammer i want to block for 24 hours.
The list is dynamically generated and regenerated every hour or so.
What is the most efficient way to do it?
At first i thought doing ipfw rules using 5 ips per rule, that would
result in 30000 rules! This will be too slow!
I need to something really quick and smart. Like matching the first
number from ip (195 from 192.1.2.3),
if it does not match - skip, if it does - compare the next one
and so on.


--
Regards
Artem Kuchin



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?496E117D.8030306>