* Gozem ([EMAIL PROTECTED]) wrote:
> That feature will be available in ippool coming soon. You can add IPs to a
> pool with the pooltype that removes its IP after X seconds.
>
> Example:
> iptables -A chain -m pool --pool badboys -j DROP
> iptables -A chain -m match -j POOL --pool badboys --add-src-ip
I'm curious what happens when the addresses in a given pool vary significantly. From what I can tell, if you were to take the current 40 IP addresses in my single 'recent' list and put them into a single pool, the 'bitmap_bytes' call would return 434150492, or around 414M.

Now, at the moment, I can't find anything that actually calls bitmap_bytes except poolbytes, which I can't find called anywhere. I'm guessing I must be missing something? The way the search is done in ip_pool_match would seem to support my understanding of how the storage mechanism works.

I hope I'm missing something, because the result of what you're suggesting would seem to be to try and allocate 414M of memory for this one pool, given a similar distribution to what I see hitting my firewall. Or perhaps it would just require that much memory to function properly? Trying to figure it out, hope you can help. :)

Stephen
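The sizing concern Stephen raises above can be checked numerically. The following is an added example, not code from ippool or from anyone in this thread; it models a pool as a one-bit-per-address bitmap spanning the lowest to the highest member address (the assumption Stephen describes), so the rounding in the real `bitmap_bytes` may differ. The `SAMPLE_IPS` list is constructed for illustration, and the per-prefix bucketing at the end goes beyond the thread by showing how far the cost drops if a widely scattered set is split into one bitmap per /24 instead of one bitmap for everything.

```python
import ipaddress

# Constructed sample: a handful of scattered source addresses of the kind a
# 'recent' list might hold. Not taken from the thread.
SAMPLE_IPS = [
    "1.0.0.1", "10.0.0.1", "10.0.0.200", "172.16.4.9",
    "198.51.100.77", "203.0.113.5", "223.255.255.254",
]


def bitmap_bytes(first: int, last: int) -> int:
    """Bytes for a one-bit-per-address bitmap covering first..last inclusive.

    Hypothetical model of a range bitmap (assumption: the real ippool code
    may pad to a word boundary, which changes the result only slightly).
    """
    span = last - first + 1
    return (span + 7) // 8


def pool_bitmap_bytes(ips) -> int:
    """Memory for a single bitmap pool holding all of `ips`."""
    ints = [int(ipaddress.IPv4Address(ip)) for ip in ips]
    return bitmap_bytes(min(ints), max(ints))


def per_entry_bytes(ips, entry_size: int = 16) -> int:
    """Memory for a per-address structure (hash/list) at a fixed cost per entry.

    entry_size is an assumed per-entry overhead, used only for comparison.
    """
    return len(ips) * entry_size


def bucketed_bitmap_bytes(ips, prefixlen: int = 24) -> int:
    """Memory if addresses are grouped by /prefixlen and each bucket gets its
    own bitmap spanning only the members it actually contains."""
    buckets = {}
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        buckets.setdefault(net, []).append(int(ipaddress.IPv4Address(ip)))
    return sum(bitmap_bytes(min(v), max(v)) for v in buckets.values())


if __name__ == "__main__":
    # Illustrates the blow-up: a few widely spread addresses force a bitmap
    # over most of the IPv4 space, while per-entry or bucketed storage stays tiny.
    print("single bitmap :", pool_bitmap_bytes(SAMPLE_IPS), "bytes")
    print("per-entry     :", per_entry_bytes(SAMPLE_IPS), "bytes")
    print("/24 buckets   :", bucketed_bitmap_bytes(SAMPLE_IPS), "bytes")
```

Running it shows that the single-bitmap figure is driven entirely by the distance between the lowest and highest address, not by the number of members, which is exactly why a small dynamically populated blocklist can demand hundreds of megabytes under this storage scheme.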