Date: Wed, 19 Sep 2001 11:01:33 -0700 From: Joseph McDonald <joe@vpop.net> To: freebsd-net@freebsd.org Cc: mreimer@vpop.net Subject: fast ip filter Message-ID: <141-2133282484.20010919110133@vpop.net>
next in thread | raw e-mail | index | archive | help
Hi, Is there a utility that will allow me to inject an IP#/port# into a hash (or similiar structure) table that the kernel can consult to determine if it should drop an incoming connection? I am trying to stop the new worm that is out there. I have about 8000 and growing hosts that I need to block. I have tried ipfw but it *really* slows down the machine. For now I am just adding a route to 127.0.0.1 for the bad IP#'s, but what I really want is to just block them for port 80, not blackhole them for all services. thanks, -joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?141-2133282484.20010919110133>