From: "Jack L. Stone"
To: Luigi Rizzo, Don Bowman
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 06 Feb 2004 12:54:11 -0600
Subject: Re: Syntax to block 38 IPs

TopPost:

Thanks for the quick responses. So, I gather under IPFW(#1), it's either 38
lines or upgrade to IPFW2. I haven't had time to study IPFW2 too well,
although I know how to upgrade.

A follow-up question is that, if I do upgrade, will IPFW2 still use my old
rules until I can get around to tuning/tweaking...??

At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
>On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
>...
>> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
>
>this is still inefficient. Better to use
>
>	deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
>
>which uses a bitmap to represent the list of hosts and has constant
>processing time as opposed to having to scan a list.
>
>	cheers
>	luigi
>
>> this uses IPFW2 I think.
>>
>> from the shell, remember to escape the { as \{.
>>
>> you could also send a RST i suppose, but just dropping it is
>> best.
>>
>> _______________________________________________
>> freebsd-ipfw@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
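Added example, not part of the original message and not code from ipfw: a Python helper that turns a list of hosts to block into the ipfw2 address-set form quoted above, one rule per /24, with the braces escaped for the shell as the quoted reply advises. The function names, the starting rule number and the step are assumptions, and 192.0.2.7 is a constructed sample address.

```python
import ipaddress
from collections import defaultdict


def address_set_rules(addresses, action="deny"):
    """Return ipfw2 rule bodies, one per /24, using the addr/24{list} set form."""
    groups = defaultdict(set)
    for text in addresses:
        ip = ipaddress.IPv4Address(text.strip())  # ValueError on malformed input
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        groups[net].add(int(ip) & 0xFF)           # set() drops duplicate hosts
    rules = []
    for net in sorted(groups):
        hosts = sorted(groups[net])
        if len(hosts) == 1:
            # A lone host needs no set; a plain address is enough.
            src = str(net.network_address + hosts[0])
        else:
            src = f"{net}{{{','.join(map(str, hosts))}}}"
        rules.append(f"{action} ip from {src} to any")
    return rules


def shell_commands(rules, first_rule=1000, step=10):
    """Prefix each rule with 'ipfw add N' (N is an assumed numbering scheme)
    and escape the braces so the shell passes them through to ipfw."""
    cmds = []
    for i, rule in enumerate(rules):
        escaped = rule.replace("{", "\\{").replace("}", "\\}")
        cmds.append(f"ipfw add {first_rule + i * step} {escaped}")
    return cmds


# Hosts from the thread plus one constructed address (192.0.2.7, TEST-NET-1).
SAMPLE = [
    "209.102.202.131", "209.102.202.132", "209.102.202.157",
    "209.102.202.190", "209.102.202.1", "209.102.202.86",
    "209.102.202.131",  # duplicate, collapsed into the set
    "192.0.2.7",
]

if __name__ == "__main__":
    for cmd in shell_commands(address_set_rules(SAMPLE)):
        print(cmd)
```

With 38 addresses spread over a few /24 networks, this yields a handful of rules rather than 38.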