On Fri, Sep 21, 2001 at 10:29:29AM -0400, Bill Rugolsky Jr. wrote:
> Have you looked into iptables?  There is a POOL extension module in
> iptables-1.2.3 that I believe allows one to create pools (i.e., dictionaries)
> of IP addresses and a filter for matching against a given pool.  Since
> it is just a hash lookup, this ought to be a small constant-time operation,
> regardless of the number of addresses.
> 
> The POOL module may be experimental; I haven't had a chance to look into
> it.

Looking at the code, it seems that I was wrong.  POOL uses bitmaps,
which are quite efficient for address ranges up to /16 or so, but is not
really useful for random IP addresses.

It is probably not very difficult to use the POOL implementation as a
guide to creating a new extension module that uses a different
dictionary implementation, such as hash tables.  I wish I had the time
to code it up, but I work downtown NYC, so I'm a bit busy. :-/

Regards,

   Bill Rugolsky



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
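The trade-off described in the message above, as an added illustration (not code from the iptables POOL module or from the poster): a bitmap's memory grows with the size of the range it covers, while a hash set's memory grows with the number of member addresses. All struct and function names are hypothetical, and the hash set reserves 0 as its empty-slot marker, so 0.0.0.0 cannot be stored.

```c
#include <stdint.h>
#include <stdlib.h>

/* Bitmap pool: one bit per address in [base, base + 2^(32-prefix)). */
struct bitmap_pool { uint32_t base; uint64_t nbits; uint8_t *bits; };

/* Bytes needed to cover a whole prefix, however few members it holds. */
uint64_t bitmap_bytes(unsigned prefix) { return ((1ULL << (32 - prefix)) + 7) / 8; }

int bitmap_init(struct bitmap_pool *p, uint32_t base, unsigned prefix) {
    p->base = base;
    p->nbits = 1ULL << (32 - prefix);
    p->bits = calloc(bitmap_bytes(prefix), 1);
    return p->bits ? 0 : -1;
}
void bitmap_add(struct bitmap_pool *p, uint32_t ip) {
    uint32_t off = ip - p->base;            /* wraps to a huge value if ip < base */
    if (off < p->nbits) p->bits[off >> 3] |= (uint8_t)(1u << (off & 7));
}
int bitmap_test(const struct bitmap_pool *p, uint32_t ip) {
    uint32_t off = ip - p->base;
    return off < p->nbits && ((p->bits[off >> 3] >> (off & 7)) & 1);
}

/* Hash set: open addressing with linear probing; 0 marks an empty slot
 * (assumption made for brevity, so 0.0.0.0 is not storable). */
struct hash_pool { uint32_t *slots; uint32_t mask; };

int hash_init(struct hash_pool *h, unsigned log2_slots) {
    h->mask = (1u << log2_slots) - 1;
    h->slots = calloc((size_t)h->mask + 1, sizeof(uint32_t));
    return h->slots ? 0 : -1;
}
static uint32_t mix(uint32_t x) { x ^= x >> 16; x *= 0x45d9f3bu; x ^= x >> 16; return x; }

/* No resizing: the caller must size the table so it stays well under full. */
void hash_add(struct hash_pool *h, uint32_t ip) {
    uint32_t i = mix(ip) & h->mask;
    while (h->slots[i] && h->slots[i] != ip) i = (i + 1) & h->mask;
    h->slots[i] = ip;
}
int hash_test(const struct hash_pool *h, uint32_t ip) {
    uint32_t i = mix(ip) & h->mask;
    while (h->slots[i]) { if (h->slots[i] == ip) return 1; i = (i + 1) & h->mask; }
    return 0;
}
uint64_t hash_bytes(const struct hash_pool *h) { return ((uint64_t)h->mask + 1) * sizeof(uint32_t); }
```

A /16 bitmap is 8 KiB regardless of membership, while a bitmap spanning all of IPv4 would need 512 MiB; the hash set holding three scattered addresses in a 16-slot table uses 64 bytes.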
