From owner-freebsd-ipfw Sun Sep 1 13:39:10 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C16537B400 for ; Sun, 1 Sep 2002 13:39:05 -0700 (PDT) Received: from idk.com (idk.com [65.104.9.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4396143E75 for ; Sun, 1 Sep 2002 13:39:05 -0700 (PDT) (envelope-from ian@idk.com) Received: (from ian@localhost) by idk.com (8.9.3/8.9.3) id NAA20649; Sun, 1 Sep 2002 13:39:05 -0700 (PDT) From: Ian Kettleborough Message-Id: <200209012039.NAA20649@idk.com> Subject: Need some info please To: ipfw@freebsd.org Date: Sun, 1 Sep 2002 13:39:05 -0700 (PDT) X-Mailer: ELM [version 2.5 PL6] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I am getting a lot ofDNS accesses (one was 50,000) but when I catch these I can block. What I am interested in the time that a typical denial statement ipfw add 1000 reject udp from x.x.x.0/24 to any takes to run and is this the most efficent was to do it. I am still running 2.8 (until I get 6.2 installed) but I may have 50 of these statements already mostly from eastern europe, china, russia and others. Any help or suggestions appreciated. Thanks Ian ian@idk.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message