Re: Simple way to banish IP addresses ?




On Mon, Oct 12, 2009 at 9:36 PM, nate <centos@xxxxxxxxxxxxxxxx> wrote:
> Amos Shapira wrote:
>> There is an iptables geoip module to allow you to specify countries. I
>> never used it though.
>
> I love linux, been using it for about 14 years but a good firewall it
> does not make..
>
> http://www.openbsd.org/faq/pf/tables.html
>
> "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
> against a table are very fast and consume less memory and processor time
> than lists. For this reason, a table is ideal for holding a large group of
> addresses as the lookup time on a table holding 50,000 addresses is only
> slightly more than for one holding 50 addresses
> [..]
> Tables can also be populated from text files containing a list of IP
> addresses and networks:
>
>    table <spammers> persist file "/etc/spammers"
>
>    block in on fxp0 from <spammers> to any
> [..]
> Tables can be manipulated on the fly by using pfctl(8). For instance, to add
> entries to the <spammers> table created above:
>
>    # pfctl -t spammers -T add 218.70.0.0/16"
>
> --
>
> Myself I'd be interested in seeing an iptables system running
> with 50,000 rules for matching against.
>
>
> nate
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

That's why I was recommending ipset earlier.
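
The ipset counterpart of the pf table quoted above, as an added example that is not part of the thread: a blocklist file is converted into an `ipset restore` script and matched by a single iptables rule, so the rule count stays at one however many addresses are listed. The set name `spammers` and the path `/etc/spammers` are taken from the quoted FAQ; the function names `gen_restore` and `apply_blocklist`, the `-new` suffix and the `maxelem` value are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Set name "spammers" and the list path
# follow the quoted pf FAQ; gen_restore/apply_blocklist are hypothetical names.

# Turn a blocklist on stdin (one IPv4 address or CIDR per line, '#' comments)
# into an `ipset restore` script. Bad lines go to stderr and are skipped, since
# one malformed entry would otherwise abort the whole restore.
gen_restore() {
    awk -v set="$1" '
    function valid(e,    p, n, o, i) {
        n = split(e, p, "/")
        # hash:net cannot store a /0 network, so accept prefixes 1..32 only
        if (n > 2 || (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)))
            return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        print "create " set " hash:net family inet maxelem 131072"
        print "create " set "-new hash:net family inet maxelem 131072"
        print "flush " set "-new"
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !valid($0) { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
    !seen[$0]++ { print "add " set "-new " $0 }
    END {
        # swap replaces the live set in one step; the rule never sees it empty
        print "swap " set "-new " set
        print "destroy " set "-new"
    }'
}

# Needs root: load the set, then ensure one DROP rule matches against it.
# Usage: apply_blocklist spammers /etc/spammers
apply_blocklist() {
    gen_restore "$1" < "$2" | ipset -exist restore || return 1
    iptables -C INPUT -m set --match-set "$1" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$1" src -j DROP
}

# Constructed sample input; prints the restore script without touching ipset.
printf '%s\n' '218.70.0.0/16  # network from the FAQ' '192.0.2.7' \
    '192.0.2.7' '300.1.1.1' | gen_restore spammers
```

Re-running `apply_blocklist` after editing the file refreshes the set in place, the equivalent of reloading the pf table from its file.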

