Best way to block a long list of IPs?

Andrew Pantyukhin infofarmer at gmail.com
Tue Jun 20 21:10:17 UTC 2006


On 6/21/06, Brett Glass <brett at lariat.org> wrote:
> Everyone:
>
> I've got an application in which I must block incoming TCP
> connections to a FreeBSD server from a potentially large list of IP
> addresses. Using IPFW is not a very efficient way to accomplish
> this, because it must do a linear search of a list (either one
> address per rule or an "or" list in a rule) and this could slow
> down every packet entering the machine dramatically.

ipfw tables are stored in Radix trees, which are very efficient.
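
The approach the reply points to, as an added example that is not part of the original thread: a shell script that turns a blocklist into ipfw table entries plus a single rule matching `table(N)`, so each packet costs one table lookup instead of a scan over many rules. Table number 1, rule number 1000 and the sample addresses are assumptions; the script only prints the commands and does not run ipfw.

```shell
#!/bin/sh
# Added example: generate ipfw commands from a list of IPv4 addresses/CIDRs.

valid_entry() {                      # accepts a.b.c.d or a.b.c.d/len
    case $1 in *[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                     # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

gen_blocklist_cmds() {               # usage: gen_blocklist_cmds TABLE RULE < list
    table=$1
    rule=$2
    echo "ipfw -q table $table flush"
    # Strip comments and whitespace, drop blank lines, de-duplicate.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while read -r entry; do
        if valid_entry "$entry"; then
            echo "ipfw -q table $table add $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
    # One rule covers the whole list, however long the table grows.
    echo "ipfw -q add $rule deny tcp from 'table($table)' to me setup"
}

sample_blocklist() {                 # constructed sample input (RFC 5737 ranges)
    cat <<'EOF'
# one address or CIDR per line
192.0.2.15
198.51.100.0/24   # whole subnet
192.0.2.15
203.0.113.300
203.0.113.7/33
EOF
}

sample_blocklist | gen_blocklist_cmds 1 1000
```

Review the printed commands before piping them to `sh` on the FreeBSD host; malformed lines are reported on stderr and left out of the table.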

