From owner-freebsd-questions@FreeBSD.ORG Thu Jan 15 04:30:53 2009
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8007106564A for ; Thu, 15 Jan 2009 04:30:53 +0000 (UTC) (envelope-from fbsdlilly@gmail.com)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.170]) by mx1.freebsd.org (Postfix) with ESMTP id 8B6098FC0C for ; Thu, 15 Jan 2009 04:30:53 +0000 (UTC) (envelope-from fbsdlilly@gmail.com)
Received: by wf-out-1314.google.com with SMTP id 24so971122wfg.7 for ; Wed, 14 Jan 2009 20:30:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references:date:message-id:subject:from:to:content-type; bh=wUrn6CTJOmLyT6YYWgsd0/w4F1mkSUcbei5RdMdq5j8=; b=c9Ug2Q7WQIdbW8lzsNzh4p6pXOzvWZ93BWEeLMw+9iVqyD1+gISsdrte5TnwxV5fTUb4tisgGSxEuceO4BXBtn/29tUXukpxLpGUEX0Iz6UbJHCjlAERDzoGeNx5QyvgB/FjNQoyeBwmbAJ+flxlXvCBbHnlStNGzNS7vVxHjg4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to:content-type; b=Ynq4BUc3khcphnXuBImdrU3ATGvx/DODKthT5bufJoSEZnvwaY2gw5W9asK1yC1oEU3zrFEZ2yloW7Hxem4uIkeBD/18Jl7vzltiD97IBxMETseo2J28sKGcbe9Q30ekAQrZ5IJeYbl+7hU4DFHJRqJU0Hrg4fkGXxKpX8NnRmo=
MIME-Version: 1.0
Received: by 10.142.105.13 with SMTP id d13mr318811wfc.196.1231993853191; Wed, 14 Jan 2009 20:30:53 -0800 (PST)
In-Reply-To: <496E1D22.9070106@ibctech.ca>
References: <496E117D.8030306@itlegion.ru> <200901141801.45996.pieter@degoeje.nl> <496E1D22.9070106@ibctech.ca>
Date: Wed, 14 Jan 2009 20:30:53 -0800
Message-ID:
From: mojo fms
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: Blocking very many (tens of thousands) ip addresses in ipfw
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 15 Jan 2009 04:30:54 -0000

Is this kind of thing doable with PF, or is it really more of an ipfw thing?

On Wed, Jan 14, 2009 at 9:13 AM, Steve Bertrand wrote:
> Pieter de Goeje wrote:
> > On Wednesday 14 January 2009 17:23:25 Artem Kuchin wrote:
> >> I need to block around 150000 IP addresses from accessing the server at all
> >> at any port. The addresses are random, they are not nets.
> >> These are the spammers I want to block for 24 hours.
> >> The list is dynamically generated and regenerated every hour or so.
> >> What is the most efficient way to do it?
> >> At first I thought of doing ipfw rules using 5 IPs per rule; that would
> >> result in 30000 rules! This will be too slow!
> >> I need something really quick and smart. Like matching the first
> >> number from the IP (195 from 192.1.2.3),
> >> if it does not match - skip, if it does - compare the next one
> >> and so on.
> >
> > Quoting ipfw(8):
> > LOOKUP TABLES
> > Lookup tables are useful to handle large sparse address sets, typically
> > from a hundred to several thousands of entries. There may be up to 128
> > different lookup tables, numbered 0 to 127.
> >
> > net.inet.ip.fw.dyn_buckets should probably also be increased to efficiently
> > handle 150k IPs.
>
> Please correct me if I'm wrong, but if the OP is going to drop all
> traffic immediately from the 150k IPs, then dyn_buckets shouldn't come
> into play, as there is no dynamic rule generated.
>
> Steve
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
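The approach the thread converges on (ipfw lookup tables instead of tens of thousands of rules, and static deny rules so no dynamic state is involved) can be turned into an hourly reload job. The script below is an added example, not code from the thread, from any of its participants, or from FreeBSD. It assumes two numbered tables (1 and 2) each referenced by a permanent deny rule (rule numbers 100 and 101), a list file with one IPv4 address per line with optional "#" comments, and a state file path and IPFW_APPLY switch chosen here for illustration. The security-relevant detail is input validation: ipfw reads a batch file one command per line, so an unvalidated entry from an automatically generated list would be executed as a firewall command.

```shell
#!/bin/sh
# Added example (not code from the thread or from FreeBSD): hourly reload of
# a large spammer blocklist into ipfw(8) lookup tables, the feature quoted
# above. Two numbered tables alternate: the new list is loaded into the idle
# table while the live table keeps matching, then the live table is flushed.
# Assumed for this example: tables 1 and 2, static deny rules 100 and 101,
# a list file with one IPv4 address per line ("#" comments allowed), and the
# state file / IPFW_APPLY switch below. Both rules are stateless, so the
# dynamic-rule sysctls (dyn_buckets) play no part.
#
# One-time setup, as root:
#   ipfw add 100 deny ip from table\(1\) to any
#   ipfw add 101 deny ip from table\(2\) to any

# Strict dotted-quad check. ipfw reads a batch file one command per line, so
# an unvalidated list entry such as "1.2.3.4 to any" or a stray
# "add allow ip from any to any" would be executed as a firewall command.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac          # no leading zeros
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the ipfw commands that fill table $2 from list file $1 and then
# empty table $3 (the previous hour's list). During the load both tables
# deny, which is harmless for a blocklist; the old list is dropped only
# after the new one is complete, so there is never a window with nothing
# loaded. Exit status is non-zero if any line was rejected.
build_batch() {
    list=$1 new=$2 old=$3 bad=0
    echo "table $new flush"
    # strip comments and whitespace (incl. CR), drop blank lines, dedupe:
    # ipfw refuses to add an address that is already in the table.
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            echo "table $new add $ip"
        else
            echo "build_batch: rejected entry: $ip" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$list" | sort -u)
EOF
    echo "table $old flush"
    [ "$bad" -eq 0 ]
}

# Apply only when IPFW_APPLY is set, e.g. hourly from cron:
#   IPFW_APPLY=1 /usr/local/sbin/spamblock.sh /var/db/spammers.txt
# The state file (hypothetical path) records which table is live.
state=${SPAMBLOCK_STATE:-/var/db/spamblock.active}
if [ -n "${IPFW_APPLY:-}" ]; then
    active=$(cat "$state" 2>/dev/null || echo 1)
    if [ "$active" = 1 ]; then new=2 old=1; else new=1 old=2; fi
    batch=$(mktemp) || exit 1
    build_batch "$1" "$new" "$old" > "$batch" ||
        echo "spamblock: some entries were rejected, see above" >&2
    # ipfw executes the file line by line; -q keeps it quiet on success
    if ipfw -q "$batch"; then echo "$new" > "$state"; fi
    rm -f "$batch"
fi
```

Without IPFW_APPLY the script only defines the functions, so the batch can be inspected first with `build_batch /var/db/spammers.txt 2 1`. Loading into the idle table and flushing the live one afterwards, rather than flushing and refilling a single table, avoids the gap in which a freshly flushed table blocks nothing while 150k entries are still being added.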