From: Steve Bertrand <steve@ibctech.ca>
Date: Wed, 14 Jan 2009 11:44:53 -0500
To: Artem Kuchin
Cc: freebsd-questions@freebsd.org
Subject: Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID: <496E1685.8090605@ibctech.ca>
In-Reply-To: <496E117D.8030306@itlegion.ru>

Artem Kuchin wrote:
> I need to block around 150000 IP addresses from accessing the server at all,
> at any port. The addresses are random, they are not nets.
> These are the spammers I want to block for 24 hours.
> The list is dynamically generated and regenerated every hour or so.
> What is the most efficient way to do it?
> At first I thought of doing ipfw rules using 5 IPs per rule; that would
> result in 30000 rules! This will be too slow!
> I need something really quick and smart.
> Like matching the first number from the IP (195 from 192.1.2.3);
> if it does not match, skip; if it does, compare the next one,
> and so on.

Use tables. They are efficient, and easy to manipulate.

  # ipfw table 1 add xx.xx.xx.xx/xx
  # ipfw add deny all from "table(1)" to any

It would be best if you allowed only legitimate IP addresses to pass traffic in/out of your network, and then denied all else, but the way your message reads, this is SMTP traffic inbound, so 'allow some, deny the rest' doesn't work too well here.

Steve
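As an added illustration of the table approach (not code from the thread), here is a POSIX shell script that turns an hourly address list into a single ipfw(8) batch file: one "table N add" line per valid, de-duplicated IPv4 address, preceded by a flush, so the whole 150000-entry reload is one ipfw process instead of 150000 of them. The table number, file paths and the sample list are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes FreeBSD ipfw(8)
# with numbered tables, referenced by a rule such as:
#   ipfw add deny all from "table(1)" to any
TABLE=1
CMDFILE=${TMPDIR:-/tmp}/ipfw-spammers.cmds
SAMPLE_LIST=${TMPDIR:-/tmp}/spammers.sample

# Emit one "table N add a.b.c.d/32" line per valid, de-duplicated IPv4 address.
# Comments, blank lines, hostnames and out-of-range octets are dropped: a
# single bad line would abort the whole 'ipfw -q file' batch load.
gen_table_cmds() {   # $1 = table number; address list is read from stdin
    awk -v t="$1" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            sub(/\/32$/, "", $1)                 # accept "a.b.c.d/32" as well
            n = split($1, o, ".")
            if (n != 4) { next }
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) { ok = 0 }
            if (!ok || ($1 in seen)) { next }    # malformed or duplicate
            seen[$1] = 1
            printf "table %s add %s/32\n", t, $1
        }'
}

# Write a complete reload batch: flush the old contents, then add the new set.
# Prints the number of address entries written (excluding the flush line).
build_cmdfile() {    # $1 = path of the address list, $2 = output batch file
    { printf 'table %s flush\n' "$TABLE"; gen_table_cmds "$TABLE" < "$1"; } > "$2"
    grep -c ' add ' "$2"
}

# Constructed sample input (documentation ranges, not real spammer data).
cat > "$SAMPLE_LIST" <<'EOF'
# constructed sample list
203.0.113.7
198.51.100.23/32
203.0.113.7
not-an-address
256.1.1.1
192.0.2.200
EOF
```

On the firewall host, apply the generated file with `ipfw -q "$CMDFILE"`; ipfw reads every line from the file in one invocation, and the deny rule keeps referencing table 1 across reloads.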