Date:      Wed, 14 Jan 2009 10:44:03 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Artem Kuchin <matrix@itlegion.ru>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID:  <20090114164403.GH57874@dan.emsphone.com>
In-Reply-To: <496E117D.8030306@itlegion.ru>
References:  <496E117D.8030306@itlegion.ru>

In the last episode (Jan 14), Artem Kuchin said:
> I need to block around 150000 IP addresses from accessing the server at
> all on any port.  The addresses are random, they are not nets. These
> are the spammers I want to block for 24 hours. The list is dynamically
> generated and regenerated every hour or so. What is the most
> efficient way to do it? At first I thought of doing ipfw rules using 5
> IPs per rule, that would result in 30000 rules! This will be too
> slow! I need something really quick and smart. Like matching the
> first number from the IP (195 from 192.1.2.3), if it does not match -
> skip, if it does - compare the next one and so on.

Take a look at the ipfw manpage, the LOOKUP TABLES section.  You can
add/remove entries on the fly if you need to, and for an efficient full
replacement, create a file with contents like:

table 1 flush
table 1 add 1.2.3.4
table 1 add 2.3.4.5

etc, then load it with "ipfw -f file.txt".

-- 
	Dan Nelson
	dnelson@allantgroup.com
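A worked version of the table approach in the reply above, added here as an example; it is not code from the thread or from FreeBSD. It takes the plain address list the hourly generator produces, validates every line as a dotted-quad IPv4 address, deduplicates it, and emits one file of "table N flush" / "table N add" commands that a single "ipfw -f" invocation loads, instead of spawning ipfw once per address. Table number 1, the deny rule number 100 and the sample input are assumptions (hypothetical). The validation step is there because the list is derived from attacker-influenced data (spam sources) and the load file is executed line by line as ipfw commands, so anything that is not a pure address is dropped rather than handed to ipfw.

```sh
#!/bin/sh
# Added example, not code from the thread or from FreeBSD.
# Build an ipfw table load file from a plain list of IPv4 addresses and
# load it with ONE ipfw invocation, as the reply suggests, instead of
# running "ipfw table 1 add ..." 150000 times.
# Assumed (hypothetical): table number 1, referenced by a fixed deny rule:
#   ipfw add 100 deny ip from "table(1)" to any
set -f   # no pathname expansion: list lines are untrusted text

TABLE=${TABLE:-1}

# is_ipv4 ADDR: succeed only for a dotted quad with four decimal octets
# in 0..255. Hostnames, CIDR nets, empty octets and junk all fail.
# Runs in a subshell so the IFS and positional-parameter changes stay local.
is_ipv4() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) return 1 ;;   # empty or non-numeric octet
        esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
)

# build_table_file TABLE < list > file
# Emits "table N flush" followed by one "table N add A.B.C.D" per valid,
# unique address. Comments, blank lines and malformed entries are dropped
# and reported on stderr. The load file is executed as ipfw commands and
# the list comes from attacker-influenced data, so only strings that pass
# is_ipv4 may reach it.
build_table_file() {
    table=$1
    echo "table $table flush"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sort -u |
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            echo "table $table add $addr"
        else
            echo "skipping malformed entry: $addr" >&2
        fi
    done
}

# load_table FILE: full replacement in one ipfw process. -f skips the
# confirmation prompt ipfw asks before flush-type commands.
load_table() {
    ipfw -f "$1"
}

# Constructed sample input standing in for the hourly spammer dump,
# including the kind of junk a log-derived list can contain.
SAMPLE='198.51.100.7
203.0.113.42   # trailing comment
198.51.100.7
not-an-address
10.0.0.256
192.0.2.1/24
192.0.2.9'

out=${TMPDIR:-/tmp}/spammers.ipfw.$$
printf '%s\n' "$SAMPLE" | build_table_file "$TABLE" > "$out"
cat "$out"
# Only load when ipfw exists and we are root; otherwise just show the file.
if command -v ipfw >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    load_table "$out"
fi
rm -f "$out"
```

One deny rule referencing the table stays fixed across reloads; only the table contents change, and a table lookup is a radix-tree search (in effect the octet-by-octet matching the question asks for) rather than a walk of 30000 rules. Flush-then-add is not atomic, though: while the file is being processed the table is partially empty, so a banned host can slip through briefly on each hourly reload. Newer ipfw (FreeBSD 11 and later) adds named tables and "ipfw table A swap B", which lets you fill a second table and exchange the two atomically.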


