On Sun, Oct 13, 2002 at 09:47:56AM -0400, Robert P. J. Day wrote:
| On Sun, 13 Oct 2002, Phil Howard wrote:
|
| > On Sun, Oct 13, 2002 at 01:10:23PM +0100, Antony Stone wrote:
| >
| > | On Sunday 13 October 2002 12:50 pm, Phil Howard wrote:
| > |
| > | > I would like to know how best to block 10000's of addresses using
| > | > netfilter. Clearly I do not want to be placing 10000's of individual
| > | > filter table entries in.
| > |
| > | Sounds like an incompatible set of requirements. If you want to block 10000
| > | addresses (and assuming they don't fit into contiguous network ranges) then
| > | you need 10000 rules to be able to specify what you want to block.
| >
| > They in fact are 10000+ different netblocks.
|
| can you perhaps explain just a bit of the rationale for what
| you're doing? it's not often that one has to block that many
| independent, non-related IP addresses. just curious. i mean,
| if it were just for filtering SPAM, you could use other tools.

The initial inspiration is for filtering spam. But I can see other uses,
and am looking at this for broader re-usable purposes which would be
initially deployed to filter spamming servers.

What other tools are you referring to? Currently I use tools that work in
an SMTP daemon of my MTA to refuse mail. But I am wanting to go beyond
that, especially considering some places just keep pounding on SMTP to
deliver spam despite getting permanent 5XX rejections for months or even
a couple of years.

Are there other tools you are thinking of besides this?

--
-----------------------------------------------------------------
| Phil Howard - KA9WGN | Dallas     | http://linuxhomepage.com/ |
| phil-nospam@ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------
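What the thread is circling, one netfilter rule that consults a set of netblocks instead of one rule per netblock, is what the ipset extension (a `hash:net` set matched by a single `-m set` rule) provides. The script below is an added example and is not part of the thread or of any poster's code: it validates a block list, turns it into an `ipset restore` script, swaps the result into the live set atomically, and shows the one iptables rule that references it. The set name `spamblocks`, the constructed sample list and the choice of port 25 are assumptions made here; `ipset` and `iptables` are needed only by `apply_blocklist` and the printed rule, never by the generator functions.

```shell
#!/bin/sh
# Added example (not from the thread): keep tens of thousands of netblocks in
# one ipset of type hash:net and consult it from a single netfilter rule, so
# the rule count stays constant however long the block list grows.
# The set name "spamblocks", the sample list and port 25 are assumptions.

SET_TYPE='hash:net family inet hashsize 65536 maxelem 262144'

# Constructed sample list: documentation ranges, one duplicate, one comment
# and one junk line that must be rejected rather than silently loaded.
SAMPLE_BLOCKS='# constructed sample list
192.0.2.0/24
198.51.100.0/24
198.51.100.0/24
203.0.113.0/24
not-an-address
'

# Accept only a well-formed IPv4 address or CIDR (octets 0-255, prefix 0-32).
# Anything else is rejected so a corrupted feed cannot push garbage into the set.
is_ipv4_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { exit 0 }'
}

# Read a block list on stdin (one entry per line, "#" comments allowed) and
# emit an "ipset restore" script: one create line, then one add line per
# unique valid netblock. Invalid entries are reported on stderr and skipped.
make_ipset_restore() {
    setname=$1
    printf 'create %s %s\n' "$setname" "$SET_TYPE"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -v '^$' | sort -u |
    while IFS= read -r entry; do
        if is_ipv4_cidr "$entry"; then
            printf 'add %s %s\n' "$setname" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Load the list into a scratch set and swap it in atomically, so the live
# rule never matches against a half-loaded set. Requires root and ipset.
apply_blocklist() {
    setname=$1
    listfile=$2
    make_ipset_restore "${setname}_new" < "$listfile" | ipset restore
    # $SET_TYPE is deliberately unquoted: its words are separate arguments.
    ipset list "$setname" >/dev/null 2>&1 || ipset create "$setname" $SET_TYPE
    ipset swap "${setname}_new" "$setname"
    ipset destroy "${setname}_new"
}

# The whole block list costs exactly one rule: drop SMTP connections whose
# source falls inside any netblock in the set.
netfilter_rule() {
    printf 'iptables -A INPUT -p tcp --dport 25 -m set --match-set %s src -j DROP\n' "$1"
}

# Demonstration on the constructed list: prints the restore script and the rule.
printf '%s' "$SAMPLE_BLOCKS" | make_ipset_restore spamblocks
netfilter_rule spamblocks
```

To use it on a real list, save the netblocks one per line, run `apply_blocklist spamblocks /path/to/list` as root, and install the printed rule once; later list updates go through `apply_blocklist` again and the swap replaces the contents without touching the rule. Because `hash:net` lookups are hashed per prefix length rather than scanned linearly, the cost of the match does not grow with the number of entries the way 10000 separate rules would.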