From owner-freebsd-net@FreeBSD.ORG Thu Sep 14 21:08:13 2006
Message-ID: <4509C4BC.3090000@elischer.org>
Date: Thu, 14 Sep 2006 14:08:12 -0700
From: Julian Elischer
To: Willem Jan Withagen
Cc: Barney Wolff, freebsd-net@freebsd.org, Willem Jan Withagen
Subject: Re: blocking a string in a packet using ipfw

Willem Jan Withagen wrote:

> Barney Wolff wrote:
>
>> On Thu, Sep 14, 2006 at 03:46:12PM +0200, Phil Regnauld wrote:
>>
>>> Willem Jan Withagen (wjw) writes:
>>>
>>>> Now I'm pretty sure that ipfw does not stretch indefinitely to
>>>> contain
>>>> perhaps something like 100.000 ip-numbers (would be a nice test. :) )
>>>
>>> Actually, it should.
>>
>> I have over 600000 addresses in an ipfw table with no observable
>> trouble.
>> But that rule is triggered only about 10000 times a day (part of a spam
>> blocker).
>
> Well actually it does work. So once again, I'm impressed by FreeBSD.
> What no longer really works is 'ipfw l' since that takes longer than I
> care to wait for it.
>
> Forgot to mention: 4.7-PRERELEASE :(

ugh... no tables and 45000 lines will be bad.

load an old PC with 6.2 and set it up as a bridge with 2 interfaces.
and use ipfw table to filter on the bridge

> It's a box that I "inherited", and is supposed to go away/upgrade for
> already too long.
> It is so old, I only dare fix the most essential security, in fear of
> breaking or trashing the system. This however helps as a stick to get
> things moving.
>
> --WjW
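
The advice in the reply above, as an added example that is not part of the original message: a dry-run generator that turns a flat address list into `ipfw table` entries plus one rule matching the whole table, meant for the table-capable filtering box rather than the 4.7 machine. Table number 1, rule number 100 and the sample addresses are assumptions; the script only prints commands and executes nothing.

```shell
#!/bin/sh
# Added example: dry-run generator for ipfw table commands.
TABLE=1     # assumed table number
RULE=100    # assumed rule number

# Constructed sample input (documentation address ranges only).
sample_list() {
    cat <<'EOF'
# constructed blocklist
192.0.2.10
198.51.100.0/24
192.0.2.10
300.1.1.1
203.0.113.7   # trailing comment
EOF
}

# Reads one address or CIDR per line on stdin and prints the ipfw commands
# on stdout; rejected lines are counted on stderr. Nothing is executed.
gen_table_cmds() {
    awk -v t="$TABLE" -v r="$RULE" '
    function valid(a,    p, o, i) {
        if (a ~ /\/.*\//) return 0                      # more than one slash
        if (split(a, p, "/") == 2 &&
            (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 || p[2] + 0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }             # strip comments, blanks
    $0 == ""   { next }
    !valid($0) { bad++; next }
    seen[$0]++ { next }                                 # drop duplicates
    { printf "ipfw -q table %d add %s\n", t, $0 }
    END {
        # one rule covers every entry in the table
        printf "ipfw -q add %d deny ip from \"table(%d)\" to any\n", r, t
        if (bad) printf "skipped %d invalid line(s)\n", bad > "/dev/stderr"
    }'
}
```

Running `sample_list | gen_table_cmds` prints three table entries and the single deny rule; review the output before feeding it to `sh` on the filtering host.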