Best way to block a long list of IPs?
Dmitry Pryanishnikov
dmitry at atlantis.dp.ua
Wed Jun 21 11:32:26 UTC 2006
Hello!
On Tue, 20 Jun 2006, Luigi Rizzo wrote:
> On Tue, Jun 20, 2006 at 03:26:25PM -0600, Brett Glass wrote:
>> Oh, by the way: I should mention that the server is running FreeBSD
>> 4.11. It's doing file-intensive work, and file system performance
>> in FreeBSD 6.x is noticeably slower.
>
> ipfw tables are also in 4.11
Just don't forget to switch your system to ipfw2 (RELENG_4 uses ipfw1 by
default). Switching is described in the "USING IPFW2 IN FreeBSD-STABLE" section of
ipfw(8). The manpage suggests recompiling /sbin/ipfw and /usr/lib/libalias along
with the kernel, but /sbin/natd is statically linked against libalias in
RELENG_4, so it also must be recompiled. Don't forget that you can't mix
a kernel compiled with "options IPFW2" and ipfw1-based binaries (compiled w/o
IPFW2 defined) and vice versa (an ipfw1-based kernel with ipfw2-based userland),
so follow a standard upgrade path to be safe:
1) build (don't install) new binaries,
2) build and install new kernel,
3) reboot to single-user mode,
4) install new binaries,
5) reboot.
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE
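
Added example, not part of the original message: once the system runs ipfw2, a long blocklist can be loaded into one ipfw table and matched by a single rule. The script only prints the commands; the table number 1, rule number 100, the function names and the sample addresses are assumptions made for illustration, and only IPv4 entries are accepted.

```sh
#!/bin/sh
# Added example: turn a blocklist into ipfw2 table commands (printed, not run).
TABLE=1     # assumed table number
RULE=100    # assumed rule number

# Read one IPv4 address or CIDR block per line on stdin and print ipfw
# commands on stdout. Comments and blank lines are skipped, duplicates are
# dropped, and malformed entries are reported on stderr, not passed to ipfw.
gen_table_cmds() {
    awk -v t="$TABLE" -v r="$RULE" '
    function valid(a,    p, o, n, i) {
        n = split(a, p, "/")
        if (n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
        if (split(p[1], o, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { print "ipfw table " t " flush" }
    {
        sub(/#.*/, ""); gsub(/[ \t\r]/, "")
        if ($0 == "") next
        if (!valid($0)) { print "skipped invalid entry: " $0 | "cat 1>&2"; next }
        if (seen[$0]++) next
        print "ipfw table " t " add " $0
    }
    END { print "ipfw add " r " deny ip from \"table(" t ")\" to any" }
    '
}

# Constructed sample blocklist (documentation address ranges only).
sample_blocklist() {
    cat <<'EOF'
# constructed sample input
192.0.2.10
198.51.100.0/24   # whole range
192.0.2.10
203.0.113.999
203.0.113.5/33
EOF
}

sample_blocklist | gen_table_cmds
```

Review the printed commands before piping them to sh on the firewall host.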