Re: Best way to block a long list of IPs?

From: Dmitry Pryanishnikov <dmitry@xxxxxxxxxxxxxx>
Date: Wed, 21 Jun 2006 14:31:01 +0300 (EEST)

Hello!

On Tue, 20 Jun 2006, Luigi Rizzo wrote:

On Tue, Jun 20, 2006 at 03:26:25PM -0600, Brett Glass wrote:
Oh, by the way: I should mention that the server is running FreeBSD
4.11. It's doing file-intensive work, and file system performance
in FreeBSD 6.x is noticeably slower.

ipfw tables are also in 4.11

Just don't forget to switch your system to ipfw2 (RELENG_4 uses ipfw1 by default). Switching is described in "USING IPFW2 IN FreeBSD-STABLE" section of ipfw(8). Manpage suggests recompiling /sbin/ipfw and /usr/lib/libalias along with the kernel, but /sbin/natd is statically linked against libalias in RELENG_4, so it also must be recompiled. Don't forget that you can't mix kernel compiled with "options IPFW2" and ipfw1-based binaries (compiled w/o IPFW2 defined) and vice versa (ipfw1-based kernel with ipfw2-based userland), so follow a standard upgrade path to be safe:

1) build (don't install) new binaries,
2) build and install new kernel,
3) reboot to single-user mode,
4) install new binaries,
5) reboot.

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@xxxxxxxxxxxxxx
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

References:
- Best way to block a long list of IPs?
  - From: Brett Glass
- Re: Best way to block a long list of IPs?
  - From: Phil Regnauld
- Re: Best way to block a long list of IPs?
  - From: Luigi Rizzo
- Re: Best way to block a long list of IPs?
  - From: Brett Glass
- Re: Best way to block a long list of IPs?
  - From: Brett Glass
- Re: Best way to block a long list of IPs?
  - From: Luigi Rizzo

Prev by Date: Re: [fbsd] [patch] ipfw packet tagging
Next by Date: Re: VPN with FAST_IPSEC and ipsec tools
Previous by thread: Re: Best way to block a long list of IPs?
Next by thread: Re: Best way to block a long list of IPs?
Index(es):
- Date
- Thread

Relevant Pages

FreeBSD 6.2-PRERELEASE on an Apple Mac Pro
... I got an Apple Mac Pro to play with. ... I tried to install FreeBSD and succeeded to a high degree of usefulness ... Then I tried to boot a FreeBSD 6.1-STABLE CD from Jun 5 2006. ... Jan 4 11:16:25 kernel: The Regents of the University of California. ...
(freebsd-stable)
Re: FreeBSD 6.0 Released: problem with HP Pavillion
... > Unfortunately i couldn't booted with any version of FreeBSD on HP ... > It always reboots while loading kernel. ... install a vanilla chunk of hardware when installing *BSD. ...
(freebsd-current)
PLIP transmit timeouts -- any solutions?
... I currently have a PLIP link to an old laptop running Linux (I tried to ... install FreeBSD, but it freezes at the USB detection -- yes, I tried ... FreeBSD desktop. ... I'm running 5.1-R on the FreeBSD system and a 2.4.18 Linux kernel as is ...
(freebsd-current)
Re: After install - Fatal trap 18 ATA problem?
... FreeBSD 6-STABLE installed a few months ago on this very ... install 6.1 too. ... integer divide fault while in kernel mode ... Could you see using gdb what C code is at ad_describe+0x1b3 ...
(freebsd-current)
Re: After install - Fatal trap 18 ATA problem?
... I did have FreeBSD ... The install goes just fine. ... integer divide fault while in kernel mode ... Could you see using gdb what C code is at ad_describe+0x1b3 ...
(freebsd-current)