How to block 200K ip addresses?
CyberLeo Kitsana
cyberleo at cyberleo.net
Sat Aug 25 23:27:20 PDT 2007
Kevin Downey wrote:
> I would use the pf firewall, it has an option to fill tables from a file like:
>
> table <evil> persist file "/root/evil.txt"
>
> kpd at zifnab /root% wc -l evil.txt
> 178438 evil.txt
>
> so it's not 300k lines but it takes seconds to load.

I attempted something similar with a digest of a PeerGuardian database
reworked with tableutil-0.6. The resultant file had 157,546 subnet
declarations in it.

When I attempted to populate a pf table with the file on 6.2-RELEASE, it
thought about it for a few seconds, then happily reported:

pfctl: Cannot allocate memory.

I never pared it down to see where the actual limit was for my hardware,
though, as a partial PeerGuardian list is pretty much useless.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo at CyberLeo.Net>
Furry Peace! - http://wwww.fur.com/peace/
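
The conversion described in the message above (a PeerGuardian-style range list reworked into subnet declarations for a pf table file) can be sketched as follows. This is an added example, not part of the original post and not tableutil's code; the `label:start-end` input layout, the function names and the sample addresses are assumptions. Adjacent and overlapping ranges are merged so the table carries as few entries as possible.

```python
import ipaddress

# Constructed sample in the assumed "label:start-end" layout.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_P2P = """\
# constructed sample, not real list data
Example Org A:192.0.2.0-192.0.2.127
Example Org A:192.0.2.128-192.0.2.255
Example Org B:198.51.100.10-198.51.100.20
Example Org C:198.51.100.16-198.51.100.31
Example Org D:203.0.113.7-203.0.113.7
broken line without a range
"""

def parse_p2p(text):
    """Yield (first, last) IPv4Address pairs; skip comments and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The label may itself contain ':', so split on the last one.
        _, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            continue
        try:
            a = ipaddress.IPv4Address(first.strip())
            b = ipaddress.IPv4Address(last.strip())
        except ipaddress.AddressValueError:
            continue
        if a <= b:
            yield a, b

def to_pf_table(text):
    """Return the minimal sorted list of CIDR networks covering every range."""
    nets = []
    for a, b in parse_p2p(text):
        # A range that is not CIDR-aligned expands to several networks.
        nets.extend(ipaddress.summarize_address_range(a, b))
    # Merge sibling networks and drop any network contained in another.
    return list(ipaddress.collapse_addresses(nets))

def render(nets):
    """One network per line, the layout a pf `table ... persist file` reads."""
    return "".join(f"{n}\n" for n in nets)

if __name__ == "__main__":
    print(render(to_pf_table(SAMPLE_P2P)), end="")
```

Comparing the number of lines written by `render` with the number of input ranges shows how much the merge step saves before the file is handed to pfctl.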
More information about the freebsd-questions mailing list