How to block 200K ip addresses?

Kevin Downey redchin at gmail.com
Sat Aug 25 23:33:27 PDT 2007


On 8/25/07, CyberLeo Kitsana <cyberleo at cyberleo.net> wrote:
> Kevin Downey wrote:
> > I would use the pf firewall, it has an option to fill tables from a file like:
> >
> > table <evil> persist file "/root/evil.txt"
> >
> > kpd at zifnab /root% wc -l evil.txt
> >   178438 evil.txt
> >
> > so it's not 300k lines but it takes seconds to load.
>
> I attempted something similar with a digest of a PeerGuardian database
> reworked with tableutil-0.6. The resultant file had 157,546 subnet
> declarations in it.
>
> When I attempted to populate a pf table with the file on 6.2-RELEASE, it
> thought about it for a few seconds, then happily reported:
>
> pfctl: Cannot allocate memory.
>
> I never pared it down to see where the actual limit was for my hardware,
> though, as a partial PeerGuardian list is pretty much useless.
>
> --
> Fuzzy love,
> -CyberLeo
> Technical Administrator

This machine is amd64, so perhaps the extra address space? I dunno,
evil.txt is in fact more or less the PeerGuardian list and it loads.

-- 
I am the kwisatz haderach
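
Added example, not part of either poster's message: one way to shrink a PeerGuardian-style list before loading it into a pf table with "persist file", by turning each range into CIDR blocks and merging adjacent ones so the table holds fewer entries. It assumes the PeerGuardian P2P text format ("label:first-last", IPv4 only); the function names and the sample ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed PeerGuardian P2P text format.
SAMPLE = """\
# constructed sample, documentation address ranges only
Example Org A:192.0.2.0-192.0.2.127
Example Org B:192.0.2.128-192.0.2.255
Example Org C:198.51.100.10-198.51.100.20
Example: with colon:203.0.113.5-203.0.113.5
broken line without a range
"""

def parse_range(line):
    """Return (first, last) IPv4Address for one P2P line, or None to skip it."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Labels may themselves contain ':', so split on the last one.
    _, sep, span = line.rpartition(":")
    first, dash, last = span.partition("-")
    if not sep or not dash:
        return None
    try:
        lo = ipaddress.IPv4Address(first.strip())
        hi = ipaddress.IPv4Address(last.strip())
    except ipaddress.AddressValueError:
        return None
    # Reversed ranges are treated as malformed and skipped.
    return (lo, hi) if lo <= hi else None

def to_pf_table(text):
    """Convert P2P ranges to a sorted, merged list of CIDR strings."""
    nets = []
    for line in text.splitlines():
        rng = parse_range(line)
        if rng:
            # One range can need several CIDR blocks to cover it exactly.
            nets.extend(ipaddress.summarize_address_range(*rng))
    # collapse_addresses merges adjacent and overlapping networks.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    # Each output line is one entry for the file named in the table definition.
    print("\n".join(to_pf_table(SAMPLE)))
```

The printed lines can be written to the file that the table definition points at; comparing "wc -l" before and after shows how much the list shrank.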

