From: Willem Jan Withagen
Date: Thu, 14 Sep 2006 17:21:08 +0200
To: Barney Wolff
Cc: Willem Jan Withagen, freebsd-net@freebsd.org
Subject: Re: blocking a string in a packet using ipfw

Barney Wolff wrote:
> On Thu, Sep 14, 2006 at 03:46:12PM +0200, Phil Regnauld wrote:
>> Willem Jan Withagen (wjw) writes:
>>> Now I'm pretty sure that ipfw does not stretch indefinitely to contain
>>> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
>> Actually, it should.
>
> I have over 600000 addresses in an ipfw table with no observable trouble.
> But that rule is triggered only about 10000 times a day (part of a spam
> blocker).

Well actually it does work. So once again, I'm impressed by FreeBSD.
What no longer really works is 'ipfw l' since that takes longer than I care to wait for it.

Forgot to mention: 4.7-PRERELEASE :(
It's a box that I "inherited", and is supposed to go away/upgrade for already too long. It is so old, I only dare fix the most essential security, in fear of breaking or trashing the system.

This however helps as a stick to get things moving.

--WjW