In the last episode (Jan 14), Artem Kuchin said:
> I need to block around 150000 ip addreses from acccess the server at
> all at any port. The addesses are random, they are not nets. These
> are the spammer i want to block for 24 hours. The list is dynamically
> generated and regenerated every hour or so. What is the most
> efficient way to do it? At first i thought doing ipfw rules using 5
> ips per rule, that would result in 30000 rules! This will be too
> slow! I need to something really quick and smart. Like matching the
> first number from ip (195 from 188.8.131.52), if it does not match -
> skip, if it does - compare the next one and so on.
Take a look at the ipfw manpage, the LOOKUP TABLES section. You can
add/remove entries on the fly if you need to, and for an efficient full
replacement, create a file with contents like:
table 1 flush
table 1 add 184.108.40.206
table 1 add 220.127.116.11
etc, then load it with "ipfw -f file.txt".
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"