blocking a string in a packet using ipfw
Willem Jan Withagen
wjw at withagen.nl
Thu Sep 14 08:20:07 PDT 2006
Barney Wolff wrote:
> On Thu, Sep 14, 2006 at 03:46:12PM +0200, Phil Regnauld wrote:
>> Willem Jan Withagen (wjw) writes:
>>> Now I'm pretty sure that ipfw does not stretch indefinitely to contain
>>> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
>> Actually, it should.
>
> I have over 600000 addresses in an ipfw table with no observable trouble.
> But that rule is triggered only about 10000 times a day (part of a spam
> blocker).
Well actually it does work. So once again, I'm impressed by FreeBSD.
What no longer really works is 'ipfw l' since that takes longer than I care to
wait for it.
Forgot to mention: 4.7-PRERELEASE :(
It's a box that I "inherited", and is supposed to go away/upgrade for already
too long.
It is so old, I only dare fix the most essential security, in fear of breaking
or trashing the system. This however helps as a stick to get things moving.
--WjW