Date: Fri, 06 Feb 2004 12:54:11 -0600
From: "Jack L. Stone" <jacks@sage-american.com>
To: Luigi Rizzo <rizzo@icir.org>, Don Bowman <don@sandvine.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Syntax to block 38 IPs
Message-ID: <3.0.5.32.20040206125411.01e841f0@10.0.0.15>
In-Reply-To: <20040206101326.B62986@xorpc.icir.org>
References: <FE045D4D9F7AED4CBFF1B3B813C85337045D7EEA@mail.sandvine.com> <FE045D4D9F7AED4CBFF1B3B813C85337045D7EEA@mail.sandvine.com>

TopPost:
Thanks for the quick responses. So, I gather under IPFW(#1), it's either 38
lines or upgrade to IPFW2.

I haven't had time to study IPFW2 too well, although I know how to upgrade.
A follow-up question is that, if I do upgrade, will IPFW2 still use my old
rules until I can get around to tuning/tweaking...??

At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
>On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
>...
>> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
>
>this is still inefficient. Better to use
>
>	deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
>
>which uses a bitmap to represent the list of hosts and has constant
>processing time as opposed to having to scan a list.
>
>	cheers
>	luigi
>
>> this uses IPFW2 I think.
>>
>> from the shell, remember to escape the { as \{.
>>
>> you could also send a RST i suppose, but just dropping it is
>> best.
>

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
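
The address-set form recommended in the quoted reply, as an added example that is not part of the original message or of ipfw itself: a shell function that groups a host list by /24 and prints one rule per network. The function name `ipfw_sets` and the sample input are constructed for illustration; 192.0.2.7 is a documentation-range address, and the `deny ip from ... to any` wording is taken from the rule quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): turn a host list into ipfw2
# address-set rules of the form quoted above.

# ipfw_sets: reads IPv4 addresses (one per line) on stdin and prints one
# rule per /24. Invalid lines are reported on stderr and skipped.
ipfw_sets() {
    # Step 1: keep only dotted quads with octets 0..255 (read as decimal)
    # and print them in a normalized form so duplicates collapse in sort -u.
    awk -F. '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
            printf "%d.%d.%d.%d\n", $1, $2, $3, $4
            next
        }
        NF { print "skipped: " $0 > "/dev/stderr" }
    ' |
    # Step 2: numeric sort per octet so hosts of one /24 are adjacent.
    sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n |
    # Step 3: collect the last octets of each /24 into one {..} set.
    awk -F. '
        function emit_rule() {
            if (count == 1)
                printf "deny ip from %s.%s to any\n", net, hosts
            else if (count > 1)
                printf "deny ip from %s.0/24{%s} to any\n", net, hosts
        }
        {
            n = $1 "." $2 "." $3
            if (n != net) { emit_rule(); net = n; hosts = $4; count = 1 }
            else { hosts = hosts "," $4; count++ }
        }
        END { emit_rule() }
    '
}

# Constructed input: the six hosts from the quoted rule, one duplicate,
# one documentation-range address and one malformed line.
ipfw_sets <<'EOF'
209.102.202.131
209.102.202.132
209.102.202.157
209.102.202.190
209.102.202.1
209.102.202.86
209.102.202.131
192.0.2.7
not-an-ip
EOF
```

Each output line is a rule body, to be added with a rule number of your choosing; as the quoted reply notes, the braces need escaping when the rule is typed at a shell prompt.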