From owner-freebsd-net@FreeBSD.ORG  Tue Jun 20 21:36:42 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9347416A47E
	for <net@freebsd.org>; Tue, 20 Jun 2006 21:36:42 +0000 (UTC)
	(envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2C8F343D48
	for <net@freebsd.org>; Tue, 20 Jun 2006 21:36:42 +0000 (GMT)
	(envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1])
	by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k5KLaeRi001531;
	Tue, 20 Jun 2006 14:36:40 -0700 (PDT)
	(envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost)
	by xorpc.icir.org (8.12.11/8.12.3/Submit) id k5KLaeol001530;
	Tue, 20 Jun 2006 14:36:40 -0700 (PDT) (envelope-from rizzo)
Date: Tue, 20 Jun 2006 14:36:40 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Brett Glass <brett@lariat.org>
Message-ID: <20060620143640.B1416@xorpc.icir.org>
References: <7.0.1.0.2.20060620143845.06662330@lariat.org>
	<20060620205730.GC3968@catpipe.net>
	<20060620140722.A1192@xorpc.icir.org>
	<7.0.1.0.2.20060620151013.042be3f8@lariat.org>
	<7.0.1.0.2.20060620152540.06cc64e8@lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <7.0.1.0.2.20060620152540.06cc64e8@lariat.org>;
	from brett@lariat.org on Tue, Jun 20, 2006 at 03:26:25PM -0600
Cc: net@freebsd.org
Subject: Re: Best way to block a long list of IPs?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2006 21:36:42 -0000

On Tue, Jun 20, 2006 at 03:26:25PM -0600, Brett Glass wrote:
> Oh, by the way: I should mention that the server is running FreeBSD
> 4.11. It's doing file-intensive work, and file system performance
> in FreeBSD 6.x is noticeably slower.

ipfw tables are also in 4.11

> Your message does suggest another possible solution, though. Would
> blackhole routes be more efficient than using IPFW?
> 
> --Brett Glass