On Mon, Apr 07, 2025 at 05:04:30PM -0400, Vaughn A. Hart wrote:
> I was wondering if this list could be run neither as constant or persistent
> but only at rule evaluation (ingress and egress) and what performance hit
> would I take.
>
> This is the list:
>
> https://www.cloudcix.com/ipblocklist.txt
>
> And this is the content:
>
> # RoboSOC IP blocklist
> # Published @ 20:40:07 07/04/25
> # Blocklist contains 15525097IPv4 IPs
> # Blocklist contains 241 IPv6 IPs
> # Blocklist contains 61701 CIDR blocks
>
> Feasible or not?
Given that

[Wed Apr 09 09:17:04] peter@skapet:~/tmp$ grep -v \# ipblocklist.txt | wc -l
   63352

the list as presented contains sixty-plus thousand entries, it would fit
inside the default table size (see table-entries in the limits section of
the pf.conf man page), so with something like

table <ipblocklist> persist counters file "/home/vahahaha/ipblocklist.txt"

with a matching

block from <ipblocklist>

would work, perhaps supplemented with a cron job to fetch updated data and
load them into the table.

I don't have any similar equipment (M1 with 8G memory) available to test,
but simply trying to load a ruleset with those definitions would tell you
right away whether you run into memory limits. My guesstimate is you would
not.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
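The "cron job to fetch updated data and load them into the table" from the reply, as an added example that is not part of the thread and not Peter's or the list publisher's code. It assumes the table name and file path from the reply's table definition, uses the blocklist URL posted in the question, and relies on pfctl's `-T replace -f` to swap the table contents. Entries are filtered to plausible IPv4/IPv6/CIDR syntax before loading, and a fetch that yields an empty or suspiciously short list is refused, so a transient HTTP error page never replaces the live table with nothing.

```shell
#!/bin/sh
# Added example: refresh a pf table from a published IP blocklist.
# Assumptions (not from the thread): pf.conf declares
#   table <ipblocklist> persist counters file "/home/vahahaha/ipblocklist.txt"
# and this script runs from cron as root on the firewall.

BLOCKLIST_URL="https://www.cloudcix.com/ipblocklist.txt"   # URL from the question
TABLE="ipblocklist"                                         # table name from the reply
DEST="/home/vahahaha/ipblocklist.txt"                       # file path from the reply
MIN_ENTRIES=1000   # refuse to load a list shorter than this (assumed threshold)

# Count non-comment, non-blank entries; same idea as the reply's
# `grep -v \# file | wc -l`, but blank lines are not counted.
count_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]'
}

# Keep only lines that look like an IPv4 address/CIDR or an IPv6 address/CIDR.
# Anything else (HTML error pages, stray text) must never reach pfctl.
sanitize() {
    grep -v '^[[:space:]]*#' "$1" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$|^[0-9A-Fa-f:]+(/[0-9]{1,3})?$'
}

# Fetch the list, sanitize it, sanity-check the size, then replace the table.
update_table() {
    raw=$(mktemp) || return 1
    clean=$(mktemp) || { rm -f "$raw"; return 1; }

    # curl -f fails on HTTP errors; OpenBSD's ftp(1) is the fallback.
    if command -v curl >/dev/null 2>&1; then
        curl -fsS -o "$raw" "$BLOCKLIST_URL" || { rm -f "$raw" "$clean"; return 1; }
    else
        ftp -o "$raw" "$BLOCKLIST_URL" || { rm -f "$raw" "$clean"; return 1; }
    fi

    sanitize "$raw" > "$clean"
    n=$(count_entries "$clean")
    if [ "${n:-0}" -lt "$MIN_ENTRIES" ]; then
        echo "refusing to load: only ${n:-0} entries after sanitizing" >&2
        rm -f "$raw" "$clean"
        return 1
    fi

    # Atomically swap the live table, then keep the file pf.conf points at
    # so a later `pfctl -f /etc/pf.conf` reloads the same data.
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$TABLE" -T replace -f "$clean" || { rm -f "$raw" "$clean"; return 1; }
    fi
    cp "$clean" "$DEST"
    rm -f "$raw" "$clean"
    echo "loaded $n entries into <$TABLE>"
}

# Constructed sample in the published header format, for a stand-alone run
# (not the real list; the last line shows why sanitize() exists).
make_sample() {
    cat > "$1" <<'EOF'
# RoboSOC IP blocklist
# Published @ 20:40:07 07/04/25
# Blocklist contains 3 IPv4 IPs
192.0.2.10
198.51.100.0/24
2001:db8::1
not an address
EOF
}

# Usage: `sh update_blocklist.sh update` from cron; without the argument the
# script only defines the functions above.
if [ "${1:-}" = "update" ]; then
    update_table
fi
```

Run it once by hand before putting it in crontab: a failure to load prints pfctl's error, which is the quick test the reply suggests for table-entries limits, while a success leaves the counters (from the `counters` table option) visible with `pfctl -t ipblocklist -T show -v`.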