According to Jason Opperisano <opie@xxxxxxxxxxx>:
> On Thu, 2005-01-20 at 15:07, jdf [zionarea.org] wrote:
> > Hi,
> >
> > I intended to use the peerguardian ban list inside my iptables rules.
> > I've done a program in C++ to read this file and to put iptables
> > commands (using the system function).
> > However it is very very very slow (1 hour picked up a very few of
> > all the machines). It might be due to the fact that I don't use
> > the iprange. Is it true?
> > Is there any way to do that in a fast manner without using iprange?
> >
> > I mean:
> >
> > when I have addresses like 4.1.2.0-4.1.3.255, I need to call as many
> > iptables commands as there are computers. iprange seems to be best
> > but I'm not sure if I will encounter speed up.
> >
> > Thank you.
>
> you may want to add network summarization capabilities to your program;
> as your example "range" can be summarized as: 4.1.2.0/23...which
> results in 1 rule instead of 512 rules.

Ok. This seems good. I'll have a look at that solution.

> i use the perl NetAddr::IP module to do things like this.

Don't know that, I'll google it.

> -j
>
> --
> "The only monster here is the gambling monster that has enslaved your
> mother! I call him Gamblor, and it's time to snatch your mother from
> his neon claws!"
> --The Simpsons