Best way to block a long list of IPs?
Luigi Rizzo
rizzo at icir.org
Tue Jun 20 21:26:51 UTC 2006
On Tue, Jun 20, 2006 at 03:22:46PM -0600, Brett Glass wrote:
> At 03:07 PM 6/20/2006, Luigi Rizzo wrote:
>
> >there are efficient tables in ipfw as well, which Ruslan implemented
> >some time ago -- yet another reason we should be grateful to him
>
> How would I build a table of arbitrary IP addresses and be able
> to update it atomically (i.e. add and delete individual addresses
> and not lose all filtering when there was a modification)?

please have a look at the ipfw manpage, the relevant commands are

    ipfw table number add addr[/masklen] [value]
    ipfw table number delete addr[/masklen]

and the matching is as fast as a route lookup as it uses the same
type of data structure.

cheers
luigi
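
An added example, not part of the original message: one way to use the two commands above to bring a table in line with a long blocklist without ever flushing it. Table number 1, the file names, IPv4-only input and the `addr/masklen value` output format of `ipfw table number list` are assumptions made here; the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post). Emits the incremental
# "ipfw table N add/delete" commands needed to move a table from its current
# contents to a desired blocklist, so the table is never emptied in between.
# Assumptions: IPv4 only; "ipfw table N list" prints "addr/masklen value".

# Normalise a list: drop comments and blank lines, keep the address field,
# append /32 to bare host addresses, sort and de-duplicate.
norm() {
    sed 's/#.*//' "$1" |
        awk 'NF { a = $1; if (index(a, "/") == 0) a = a "/32"; print a }' |
        LC_ALL=C sort -u
}

# table_sync_cmds TABLE CURRENT_FILE DESIRED_FILE
table_sync_cmds() {
    tbl=$1
    cur_s=$(mktemp) && want_s=$(mktemp) || return 1
    norm "$2" > "$cur_s"
    norm "$3" > "$want_s"
    # Additions first: new addresses are blocked before stale ones are dropped.
    LC_ALL=C comm -13 "$cur_s" "$want_s" | sed "s|^|ipfw table $tbl add |"
    LC_ALL=C comm -23 "$cur_s" "$want_s" | sed "s|^|ipfw table $tbl delete |"
    rm -f "$cur_s" "$want_s"
}

# Constructed sample data (documentation address ranges only).
demo_dir=$(mktemp -d)
cat > "$demo_dir/current" <<'EOF'
192.0.2.10/32 0
198.51.100.0/24 0
203.0.113.5/32 0
EOF
cat > "$demo_dir/desired" <<'EOF'
# constructed blocklist
192.0.2.10
198.51.100.0/24
203.0.113.77
EOF
table_sync_cmds 1 "$demo_dir/current" "$demo_dir/desired"
rm -rf "$demo_dir"
```

On a live firewall the current file would be the saved output of `ipfw table 1 list`, and the printed commands can be reviewed and then piped to `sh`.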