Best way to block a long list of IPs?

[Phil Regnauld]

Brett Glass (brett) writes:
> 
> I've got an application in which I must block incoming TCP 
> connections to a FreeBSD server from a potentially large list of IP 
> addresses. Using IPFW is not a very efficient way to accomplish 
> this, because it must do a linear search of a list (either one 
> address per rule or an "or" list in a rule) and this could slow 
> down every packet entering the machine dramatically.

	pf tables are VERY efficient -- man pf.conf