Say I have a list of 1000 ip addresses for which I want to -j DROP all packets. I could: a. Do an iptables -A for each ip address; b. use -j QUEUE and look up the ip address with a binary search in a sorted array. I note: 1. The ip addresses are scattered, and not amenable concise representations using ranges or masks. 2. Binary search of a sorted array is a very efficient method for finding arbitrary members of a list. How should I proceed? Thanks in advance for your advice. Mike. -- Michael D. Berger m.d.berger@xxxxxxxx
