On Thu, 2005-01-20 at 15:07, jdf [zionarea.org] wrote:
> Hi,
>
> I was intended to use peerguardian ban list inside my iptables rules.
> I've done a program in C++ to read this file and to put iptables
> commands (using the system function).
> However it is very very very slow (1 hour picked up a very few of
> all the machines). It might be due to the fact that I don't use
> the iprange. Is it true ?
> Is there any way to do that in a fast manner without using iprange ?
>
> I mean:
>
> when I have addresses like 4.1.2.0-4.1.3.255, I need to call as much
> iptables command as there are computers. iprange seems to be best
> but I'm not sure if I will encounter speed up.
>
> Thank you.

you may want to add network summarization capabilities to your program;
as your example "range" can be summarized as: 4.1.2.0/23...which results
in 1 rule instead of 512 rules.

i use the perl NetAddr::IP module to do things like this.

-j

--
"The only monster here is the gambling monster that has enslaved your
mother! I call him Gamblor, and it's time to snatch your mother from his
neon claws!"
        --The Simpsons