I need to block a DDoS for a client, and although I'm able to detect the attacking IPs, and drop them in a table to block, the table is getting large quickly. Is there a better way to apply rules to 10-20k IP addresses? Clearly we don't want to block legitimate users.

What I'm doing is working, I just wonder if it will scale, and if I'm missing some better solution.

--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.