On 10/24/07, Joerg Mertin <[EMAIL PROTECTED]> wrote:
> I did that already in the beginning ...
> However - the boot process took quite long to entere 2000 reject-routes
> (that is what you mean - no ?
> add route host xxx.xxx.xxx.xxx reject

If you have the ability to recompile the kernel I do believe that
IPsets are the solution you require. They're fast to insert, fast to
scan through. And shorewall supports IPsets well.

Prasanna
-- 
www.elinanetworks.com
Seamless, secure delivery of applications.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to