Date: Wed, 21 Jun 2006 14:31:01 +0300 (EEST)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: Luigi Rizzo <rizzo@icir.org>
Cc: Brett Glass <brett@lariat.org>, net@freebsd.org
Subject: Re: Best way to block a long list of IPs?
Message-ID: <20060621141816.T41119@atlantis.atlantis.dp.ua>
In-Reply-To: <20060620143640.B1416@xorpc.icir.org>
References: <7.0.1.0.2.20060620143845.06662330@lariat.org>
 <20060620205730.GC3968@catpipe.net>
 <20060620140722.A1192@xorpc.icir.org>
 <7.0.1.0.2.20060620151013.042be3f8@lariat.org>
 <7.0.1.0.2.20060620152540.06cc64e8@lariat.org>
 <20060620143640.B1416@xorpc.icir.org>

Hello!

On Tue, 20 Jun 2006, Luigi Rizzo wrote:
> On Tue, Jun 20, 2006 at 03:26:25PM -0600, Brett Glass wrote:
>> Oh, by the way: I should mention that the server is running FreeBSD
>> 4.11. It's doing file-intensive work, and file system performance
>> in FreeBSD 6.x is noticeably slower.
>
> ipfw tables are also in 4.11

Just don't forget to switch your system to ipfw2 (RELENG_4 uses ipfw1
by default). Switching is described in "USING IPFW2 IN FreeBSD-STABLE"
section of ipfw(8). Manpage suggests recompiling /sbin/ipfw and
/usr/lib/libalias along with the kernel, but /sbin/natd is statically
linked against libalias in RELENG_4, so it also must be recompiled.
Don't forget that you can't mix kernel compiled with "options IPFW2"
and ipfw1-based binaries (compiled w/o IPFW2 defined) and vice versa
(ipfw1-based kernel with ipfw2-based userland), so follow a standard
upgrade path to be safe: 1) build (don't install) new binaries,
2) build and install new kernel, 3) reboot to single-user mode,
4) install new binaries, 5) reboot.

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE