From: Brett Glass
To: Luigi Rizzo, net@freebsd.org, Phil Regnauld
Date: Tue, 20 Jun 2006 15:22:46 -0600
Subject: Re: Best way to block a long list of IPs?
Message-Id: <7.0.1.0.2.20060620151013.042be3f8@lariat.org>
In-Reply-To: <20060620140722.A1192@xorpc.icir.org>
References: <7.0.1.0.2.20060620143845.06662330@lariat.org> <20060620205730.GC3968@catpipe.net> <20060620140722.A1192@xorpc.icir.org>

At 03:07 PM 6/20/2006, Luigi Rizzo wrote:

>there are efficient tables in ipfw as well, which Ruslan implemented
>some time ago -- yet another reason we should be grateful to him

How would I build a table of arbitrary IP addresses and be able to update it atomically (i.e. add and delete individual addresses and not lose all filtering when there was a modification)?

>and also, if your addresses are in the same /24 subnet, you can use
>the ipfw address set format which looks like this
>    1.2.3.0/24{10,20,21,30,34,55}
>and can deal in constant time for up to 256 randomly distributed hosts.

Not random enough. Each of these IP addresses could be anywhere in the 32 bit IPv4 address range.

--Brett Glass
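
An added example, not part of the original message or of ipfw itself: a sketch of updating an ipfw lookup table one address at a time, so the deny rule that consults the table stays in place while the list changes. The table number, rule number, file names and every address are assumptions constructed for illustration; the script only prints the `ipfw table` commands for changed entries.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: table number 1, rule number 100,
# and the two list files; all addresses below are constructed samples.
#
# One-time rule that consults the table; it is never removed during updates:
#   ipfw add 100 deny ip from 'table(1)' to any

TABLE=1
export LC_ALL=C   # same byte-wise ordering for sort and comm

# Strip comments and blank lines, then sort and de-duplicate one address list.
normalize() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u
}

# plan_table_sync APPLIED_FILE DESIRED_FILE
# Prints one ipfw command per address that differs between the list applied
# last time and the list wanted now. Unchanged addresses are never touched.
plan_table_sync() {
    old=$(mktemp) && new=$(mktemp) || return 1
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    # Only in the desired list: add. Only in the applied list: delete.
    comm -13 "$old" "$new" | sed "s/^/ipfw table $TABLE add /"
    comm -23 "$old" "$new" | sed "s/^/ipfw table $TABLE delete /"
    rm -f "$old" "$new"
}

# Constructed sample: three scattered hosts applied earlier, one swapped out now.
sample_plan() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 192.0.2.10 198.51.100.7 203.0.113.99 > "$dir/applied"
    printf '%s\n' '# updated list' 203.0.113.5 192.0.2.10 198.51.100.7 > "$dir/desired"
    plan_table_sync "$dir/applied" "$dir/desired"
    rm -rf "$dir"
}

sample_plan   # review the printed commands before running them as root
```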