Date: Sat, 25 Aug 2007 23:33:25 -0700
From: "Kevin Downey" <redchin@gmail.com>
To: "CyberLeo Kitsana" <cyberleo@cyberleo.net>
Cc: Dan Nelson <dnelson@allantgroup.com>, amin.scg@gmail.com, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: How to block 200K ip addresses?
Message-ID: <1d3ed48c0708252333k55f55120n689ab811fa0a8230@mail.gmail.com>
In-Reply-To: <46D11D24.4070206@cyberleo.net>
References: <20070826013636.GC25055@dan.emsphone.com> <46d10500.1ebc720a.304c.1e2f@mx.google.com> <1d3ed48c0708252238u1f1adfdfpa69af42b5796c36b@mail.gmail.com> <46D11D24.4070206@cyberleo.net>

On 8/25/07, CyberLeo Kitsana <cyberleo@cyberleo.net> wrote:
> Kevin Downey wrote:
> > I would use the pf firewall, it has an option to file tables from a file like:
> >
> > table <evil> persist file "/root/evil.txt"
> >
> > kpd@zifnab /root% wc -l evil.txt
> > 178438 evil.txt
> >
> > so it's not 300k lines but it takes seconds to load.
>
> I attempted something similar with a digest of a PeerGuardian database
> reworked with tableutil-0.6. The resultant file had 157,546 subnet
> declarations in it.
>
> When I attempted to populate a pf table with the file on 6.2-RELEASE, it
> thought about it for a few seconds, then happily reported:
>
> pfctl: Cannot allocate memory.
>
> I never pared it down to see where the actual limit was for my hardware,
> though, as a partial PeerGuardian list is pretty much useless.
>
> --
> Fuzzy love,
> -CyberLeo
> Technical Administrator

this machine is amd64 so perhaps the extra address space? I dunno,
evil.txt is in fact more or less the peerguardian list and it loads.

-- 
I am the kwisatz haderach
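
An added example, not part of the original message or of pf: one way to shrink a blocklist before handing it to a `table <evil> persist file ...` line is to validate every entry and merge covered and adjacent networks, so the table holds fewer entries. The function name `build_table`, the inline-comment handling and the sample data are assumptions made for this illustration.

```python
import ipaddress
import sys

# Constructed sample input, one entry per line (documentation-range addresses).
# The last two lines are deliberately invalid to show the rejection path.
SAMPLE = """\
# constructed sample blocklist
192.0.2.0/25
192.0.2.128/25
198.51.100.7
198.51.100.6
198.51.100.0/24   # covers the two hosts above
203.0.113.5/24
2001:db8::/33
2001:db8:8000::/33
not-an-address
10.0.0.300
"""

def build_table(lines):
    """Return (entries, rejected): merged CIDR strings and unparsable lines."""
    nets = {4: [], 6: []}
    rejected = []
    for lineno, raw in enumerate(lines, 1):
        text = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not text:
            continue
        try:
            # strict=False masks host bits: 203.0.113.5/24 -> 203.0.113.0/24
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append((lineno, text))   # report it, never load it blindly
            continue
        nets[net.version].append(net)
    entries = []
    for version in (4, 6):
        # collapse_addresses drops covered networks and joins adjacent siblings
        entries += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = build_table(SAMPLE.splitlines())
    for lineno, text in rejected:
        print(f"skipped line {lineno}: {text!r}", file=sys.stderr)
    print("\n".join(entries))
```

Redirecting standard output to a file gives one network per line, suitable for the file named in the table declaration; rejected lines go to standard error for review.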