> Say I have a list of 1000 ip addresses for which I
> want to -j DROP all packets. I could:
>
> a. Do an iptables -A for each ip address;
>
> b. use -j QUEUE and look up the ip address with a
> binary search in a sorted array.
>
> I note:
>
> 1. The ip addresses are scattered, and not amenable
> to concise representations using ranges or masks.
>
> 2. Binary search of a sorted array is a very efficient
> method for finding arbitrary members of a list.
>
> How should I proceed?
> Thanks in advance for your advice.
> Mike.

Is http://ipset.netfilter.org what you're searching for??

Gr,
Rob
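
The ipset approach Rob points to, as an added example that is not part of the thread: the scattered addresses go into one hash:ip set, so the packet path holds a single rule instead of 1000. The set name `blocklist`, the INPUT chain and the sample addresses are assumptions made here; the syntax is that of current ipset and iptables releases.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME and the sample addresses
# are constructed for illustration.
SET_NAME="blocklist"

# Succeed only for a dotted quad: four octets, 0..255, no leading zeros.
# The body runs in a subshell so the IFS change cannot leak to the caller.
is_ipv4() (
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Read one address per line on stdin and print "ipset restore" input.
# Duplicates are collapsed; "#" comments and invalid entries are skipped.
gen_restore() {
    echo "create $SET_NAME hash:ip family inet"
    sort -u | while IFS= read -r addr; do
        case "$addr" in ""|"#"*) continue ;; esac
        if is_ipv4 "$addr"; then
            echo "add $SET_NAME $addr"
        else
            echo "skipping invalid entry: $addr" >&2
        fi
    done
}

# Constructed sample list (documentation address ranges only).
sample_list() {
    cat <<'EOF'
# constructed sample blocklist
203.0.113.77
192.0.2.10
198.51.100.200
192.0.2.10
300.1.1.1
1.2.3
EOF
}

# Load the set and install the single DROP rule (needs root; not run here).
apply_blocklist() {
    gen_restore | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}
```

As root, `apply_blocklist < addresses.txt` loads the set and inserts the rule only if it is not already present; `sample_list | gen_restore` shows the generated restore input without touching the firewall.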