Date: Fri, 6 Feb 2004 10:13:26 -0800 From: Luigi Rizzo <rizzo@icir.org> To: Don Bowman <don@sandvine.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Syntax to block 38 IPs Message-ID: <20040206101326.B62986@xorpc.icir.org> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337045D7EEA@mail.sandvine.com>; from don@sandvine.com on Fri, Feb 06, 2004 at 01:09:48PM -0500 References: <FE045D4D9F7AED4CBFF1B3B813C85337045D7EEA@mail.sandvine.com>
index | next in thread | previous in thread | raw e-mail
On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
...
> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
this is still inefficient. Better to use
deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
which uses a bitmap to represent the list of hosts and has constant
processing time as opposed to having to scan a list.
cheers
luigi
> this uses IPFW2 I think.
>
> from the shell, remember to escape the { as \{.
>
> you could also send a RST i suppose, but just dropping it is
> best.
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040206101326.B62986>