Re: Best way to block a long list of IPs?
- From: "Andrew Pantyukhin" <infofarmer@xxxxxxxxx>
- Date: Wed, 21 Jun 2006 01:10:12 +0400
On 6/21/06, Brett Glass <brett@xxxxxxxxxx> wrote:
Everyone:
I've got an application in which I must block incoming TCP
connections to a FreeBSD server from a potentially large list of IP
addresses. Using IPFW is not a very efficient way to accomplish
this, because it must do a linear search of a list (either one
address per rule or an "or" list in a rule) and this could slow
down every packet entering the machine dramatically.
ipfw tables are stored in Radix trees, which are very efficient.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- References:
- Best way to block a long list of IPs?
- From: Brett Glass
- Best way to block a long list of IPs?
- Prev by Date: Re: Best way to block a long list of IPs?
- Next by Date: Re: Best way to block a long list of IPs?
- Previous by thread: Re: Best way to block a long list of IPs?
- Next by thread: nat question
- Index(es):
Relevant Pages
|
|
