Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jan 2009 18:01:45 +0100
From:      Pieter de Goeje <>
Cc:        Artem Kuchin <>
Subject:   Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote:
> I need to block around 150000 ip addreses from acccess the server at all
> at any port.  The addesses are random, they are not nets.
> These are the spammer i want to block for 24 hours.
> The list is dynamically generated and regenerated every hour or so.
> What is the most efficient way to do it?
> At first i thought doing ipfw rules using 5 ips per rule, that would
> result in 30000 rules! This will be too slow!
> I need to something really quick and smart. Like matching the first
> number from ip (195 from,
> if it does not match - skip, if it does - compare the next one
> and so on.

Quoting ipfw(8):
     Lookup tables are useful to handle large sparse address sets, typically
     from a hundred to several thousands of entries.  There may be up to 128
     different lookup tables, numbered 0 to 127.

net.inet.ip.fw.dyn_buckets should probably also be increased to efficiently 
handle 150k IPs.

Pieter de Goeje

Want to link to this message? Use this URL: <>