I would like to know how best to block 10000's of addresses using netfilter. Clearly I do not want to be placing 10000's of individual filter table entries in. Is there some kind of means to set up the equivalent of a routing table like lookup structure (which can be added to and removed from separately) which a single netfilter rule would reference to apply matches?

I want to block _incoming_ packets. Null routing these addresses is not sufficient, as the lame SYNs will continue to eat up resources.

--
-----------------------------------------------------------------
| Phil Howard - KA9WGN | Dallas     | http://linuxhomepage.com/ |
| phil-nospam@ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------