Date: Tue, 20 Jun 2006 22:57:30 +0200 From: Phil Regnauld <regnauld@catpipe.net> To: Brett Glass <brett@lariat.org> Cc: net@freebsd.org Subject: Re: Best way to block a long list of IPs? Message-ID: <20060620205730.GC3968@catpipe.net> In-Reply-To: <7.0.1.0.2.20060620143845.06662330@lariat.org> References: <7.0.1.0.2.20060620143845.06662330@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass (brett) writes: > > I've got an application in which I must block incoming TCP > connections to a FreeBSD server from a potentially large list of IP > addresses. Using IPFW is not a very efficient way to accomplish > this, because it must do a linear search of a list (either one > address per rule or an "or" list in a rule) and this could slow > down every packet entering the machine dramatically. pf tables are VERY efficient -- man pf.conf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060620205730.GC3968>