From: Howard Jones
Date: Sun, 11 Jun 2006 14:36:34 +0100
To: "Dan Mahoney, System Admin", freebsd-questions@freebsd.org
Subject: Re: [freebsd-questions] Deny large number of IPs via ipfw
Message-ID: <448C1C62.90806@thingy.com>
In-Reply-To: <20060611083416.A86148@prime.gushi.org>

Dan Mahoney, System Admin wrote:
> Hey all,
>
> I've got a file that I just synced from a major RBL, and I'd like to
> just use it to globally deny access to my system. Is there an easy
> way to do this within ipfw -- the file is about 3 *million* lines, and
> is from cbl.abuseat.org.

I do similar things using IPFW2's tables:

    table 1 flush
    table 1 add firstip
    table 1 add 3millionthip
    deny tcp from table(1) to me 25

ipfw tables use the same lookup structure as the FreeBSD routing table,
so it's got to be reasonably efficient. I've never used it with quite
that many entries though!

Chances are, you can aggregate your address list to reduce it somewhat
though.

Have fun,

Howie
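
The aggregation step suggested in the reply above, as an added example that is not part of the original message: it collapses a list of addresses into the fewest covering CIDR blocks and emits `table 1` lines in the form used in the message. The one-address-per-line IPv4 input format, the function names and the sample addresses (documentation ranges, not CBL data) are assumptions.

```python
import ipaddress

# Constructed sample input: one address per line, with a comment,
# a malformed entry and a duplicate to exercise the edge cases.
SAMPLE_LIST = """\
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.9
198.51.100.7
198.51.100.6
# comment line
not-an-ip
192.0.2.1
"""

def parse_addresses(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # Default strict=True: an entry such as 192.0.2.5/24 is rejected
            # rather than silently widened to block the whole /24.
            nets.append(ipaddress.ip_network(line))
        except ValueError:
            rejected.append(raw)
    return nets, rejected

def aggregate(nets):
    """Merge duplicate, adjacent and overlapping IPv4 entries into CIDR blocks."""
    v4 = [n for n in nets if n.version == 4]  # assumption: IPv4-only list
    return list(ipaddress.collapse_addresses(v4))

def table_commands(nets, table=1):
    """Emit table lines in the same form as the message above."""
    lines = [f"table {table} flush"]
    lines += [f"table {table} add {n}" for n in nets]
    return lines

if __name__ == "__main__":
    nets, rejected = parse_addresses(SAMPLE_LIST)
    for line in table_commands(aggregate(nets)):
        print(line)
    print(f"# {len(nets)} entries in, {len(aggregate(nets))} out, "
          f"{len(rejected)} rejected")
```

Rejected lines are worth reviewing before loading the table, since a malformed entry in a blocklist feed usually means the download or the parsing assumption is wrong.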