On 07/15/2014 11:09 AM, Alexander Dalloz wrote:
> Running without the pipe construct because awk can do that all by itself
> (reading the source file and inverse greping):
>
> while read ipblock
> do
> $IPTABLES -A Spamhaus -s $ipblock -j DROP
> done < <(awk '!/^;/ { print $1 }' $FILE)
>
> Alexander
Thanks Alexander,
Indeed you are right it can be done and with very big files it will mean
a lot.
Also he might consider to use ipset instead of basic iptables to make
the lookup a bit faster but it should be ok as it is.
Eliezer
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: Questoin on iptables
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Questoin on iptables
- From: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>
- Date: Tue, 15 Jul 2014 18:19:13 +0300
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <53C4E1A5.4090003@uni-x.org>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
- References:
- Questoin on iptables
- From: Jerry Geis
- Re: Questoin on iptables
- From: Jerry Geis
- Re: Questoin on iptables
- From: Alexander Dalloz
- Re: Questoin on iptables
- From: Eliezer Croitoru
- Re: Questoin on iptables
- From: Alexander Dalloz
- Questoin on iptables
- Prev by Date: Re: Cemtos 7 : Systemd alternatives ?
- Next by Date: Re: Cemtos 7 : Systemd alternatives ?
- Previous by thread: Re: Questoin on iptables
- Next by thread: List attitude and content
- Index(es):
 |