Date: Wed, 21 Jun 2006 01:10:12 +0400
From: "Andrew Pantyukhin" <infofarmer@gmail.com>
To: "Brett Glass" <brett@lariat.org>, "Phil Regnauld" <regnauld@catpipe.net>
Cc: net@freebsd.org
Subject: Re: Best way to block a long list of IPs?
Message-ID: <cb5206420606201410i22e5ad0bn2ab5984e0f5a85b7@mail.gmail.com>
In-Reply-To: <7.0.1.0.2.20060620143845.06662330@lariat.org>
References: <7.0.1.0.2.20060620143845.06662330@lariat.org>

On 6/21/06, Brett Glass <brett@lariat.org> wrote:
> Everyone:
>
> I've got an application in which I must block incoming TCP
> connections to a FreeBSD server from a potentially large list of IP
> addresses. Using IPFW is not a very efficient way to accomplish
> this, because it must do a linear search of a list (either one
> address per rule or an "or" list in a rule) and this could slow
> down every packet entering the machine dramatically.

ipfw tables are stored in Radix trees, which are very efficient.
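
The table approach named in the reply, as an added example that is not part of the original message: a shell helper that turns a blocklist file into `ipfw table` commands plus a single deny rule. The helper name `gen_ipfw_blocklist`, table number 1 and rule number 100 are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: generate ipfw table commands from a blocklist file.
# Table number 1 and rule number 100 are arbitrary choices for this sketch.

# gen_ipfw_blocklist FILE [TABLE] [RULE]
# Prints ipfw commands on stdout; malformed entries are reported on stderr
# and skipped, so a bad line in the list never reaches the firewall.
gen_ipfw_blocklist() {
    file=$1 table=${2:-1} rule=${3:-100}
    echo "ipfw -q table $table flush"
    # Strip comments and whitespace, validate IPv4 address[/masklen],
    # and drop duplicate entries.
    awk -v t="$table" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, p, "/")
            ok = (n == 1 || (n == 2 && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32))
            if (ok && split(p[1], o, "[.]") == 4) {
                for (i = 1; i <= 4; i++)
                    if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            } else ok = 0
            if (!ok) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "ipfw -q table " t " add " $0
        }' "$file"
    # One rule covers the whole table: the per-packet cost is a radix-tree
    # lookup, not a walk over one rule per blocked address.
    echo "ipfw -q add $rule deny tcp from 'table($table)' to me in"
}

# Constructed sample list (documentation address ranges), not data from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# abusive hosts
192.0.2.15
198.51.100.0/24   # whole subnet
192.0.2.15
203.0.113.999
EOF

# Print the commands for review; pipe the output to sh as root to apply them.
gen_ipfw_blocklist "$sample"
```
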