Best way to block a long list of IPs?
Brett Glass
brett at lariat.org
Tue Jun 20 21:23:24 UTC 2006
At 03:07 PM 6/20/2006, Luigi Rizzo wrote:

>there are efficient tables in ipfw as well, which Ruslan implemented
>some time ago -- yet another reason we should be grateful to him

How would I build a table of arbitrary IP addresses and be able
to update it atomically (i.e. add and delete individual addresses
and not lose all filtering when there was a modification)?

>and also, if your addresses are in the same /24 subnet, you can use
>the ipfw address set format which looks like this
> 1.2.3.0/24{10,20,21,30,34,55}
>and can deal in constant time for up to 256 randomly distributed hosts.

Not random enough. Each of these IP addresses could be anywhere in
the 32 bit IPv4 address range.

--Brett Glass
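
The per-entry table update asked about above, as an added example that is not part of the original message: ipfw lookup tables take `ipfw table N add` and `ipfw table N delete` for single entries, so a blocklist can be synced by applying only the difference while every unchanged entry stays loaded. Table number 1, rule number 1000, the file names, the sample addresses and the `address/len value` shape assumed for `ipfw table 1 list` output are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Table number and sample data are
# constructed for illustration.
TABLE=1
export LC_ALL=C   # keep sort(1) and comm(1) in the same collation order

# Canonicalize a list: drop comments and blank lines, keep the first
# column (so a trailing table value is ignored), add /32 to bare
# addresses, and sort uniquely so two lists can be compared.
normalize() {
    awk '{ sub(/#.*/, "") }
         NF { a = $1; if (a !~ /\//) a = a "/32"; print a }' "$1" | sort -u
}

# Print the ipfw commands that turn the current table contents ($1)
# into the desired list ($2). Entries present in both are never touched,
# so filtering on them is not interrupted; the table is never flushed.
table_delta() {
    cur=$(mktemp); want=$(mktemp)
    normalize "$1" > "$cur"
    normalize "$2" > "$want"
    comm -13 "$cur" "$want" | sed "s|^|ipfw table $TABLE add |"
    comm -23 "$cur" "$want" | sed "s|^|ipfw table $TABLE delete |"
    rm -f "$cur" "$want"
}

# Dry run on constructed data; nothing here calls ipfw itself.
demo() {
    d=$(mktemp -d)
    # Constructed stand-in for `ipfw table 1 list` output (assumed format).
    printf '%s\n' '192.0.2.10/32 0' '198.51.100.7/32 0' \
        '203.0.113.99/32 0' > "$d/current"
    # Constructed desired blocklist: one entry added, one dropped.
    printf '%s\n' '# blocklist' '192.0.2.10' '203.0.113.5' \
        '198.51.100.7' > "$d/wanted"
    table_delta "$d/current" "$d/wanted"
    rm -rf "$d"
}
demo

# On a FreeBSD host, as root, with the rule installed once:
#   ipfw add 1000 deny ip from 'table(1)' to any
#   ipfw table 1 list > current.txt
#   table_delta current.txt blocklist.txt | sh
```

Each emitted command changes one table entry; the rule referencing `table(1)` is never removed or reloaded.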
More information about the freebsd-net mailing list