Alexander Samad wrote:
How efficient is recent, I currently scan my log files for 'evil'
activity and build up a list of around 2000s ip addresses which I place
into a BLOCKED chain, there is about 2 lines per entry cause I TARPIT
tcp sessions. But I could more easily manage it with recent as I can
just use the test of are they in the list !
I am presuming it is more efficient to use recent cause it hashes the
address ! can any one confirm this ?
A
I'm not sure how ""efficient the recent match extension is as I have not pushed it this far. Give it a try and let us know. I know that I personally can now write a lot of code (be it because of lack of trying or other reasons) but I do know that I can help the various developers by using and testing and trying to break their code. Oh, wait a moment, isn't that what the OSS community is about? ;)
You might want to check out SnowMan's web page at http://snowman.net/projects/ipt_recent/ on the IPTables recent match. I'm sure he would be happy to try to answer your question(s) there. If you do contact SnowMan (via his "About" page, be sure to congratulate him on his (new) baby.)
