BAN an IP list FAST
Rob Sterenborg
rob at sterenborg.info
Sun Nov 27 19:46:41 CET 2005
> Say I have a list of 1000 ip addresses for which I
> want to -j DROP all packets. I could:
>
> a. Do an iptables -A for each ip address;
>
> b. use -j QUEUE and look up the ip address with a
> binary search in a sorted array.
>
> I note:
>
> 1. The ip addresses are scattered, and not amenable
> to concise representations using ranges or masks.
>
> 2. Binary search of a sorted array is a very efficient
> method for finding arbitrary members of a list.
>
> How should I proceed?
> Thanks in advance for your advice.
> Mike.
Is http://ipset.netfilter.org what you're searching for?
Gr,
Rob
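
The ipset approach suggested in the reply, as an added example that is not part of the original messages: the script turns a plain address list into `ipset restore` input, so the whole list is a hash lookup behind a single iptables rule instead of 1000 `-A` rules. Assumptions: current ipset syntax (`hash:ip`, `--match-set`), a hypothetical set name `banned` and list file `banlist.txt`, and constructed sample addresses from the documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread). Set name "banned" and all addresses
# below are constructed; 192.0.2.0/24 etc. are documentation ranges.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_restore SET < list: print `ipset restore` input that fills a scratch
# set and swaps it into SET, so the live set is never half-loaded.
gen_restore() {
    set_name=$1
    echo "create $set_name hash:ip"
    echo "create ${set_name}_new hash:ip"
    echo "flush ${set_name}_new"
    # Strip comments and whitespace, drop duplicates, keep valid IPv4 only.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u |
    while IFS= read -r addr; do
        if is_ipv4 "$addr"; then
            echo "add ${set_name}_new $addr"
        fi
    done
    echo "swap ${set_name}_new $set_name"
    echo "destroy ${set_name}_new"
}

# Constructed sample list: one duplicate, one comment, two invalid entries.
printf '%s\n' '203.0.113.7' '192.0.2.10  # scanner' '203.0.113.7' \
    '198.51.100.23' '999.1.1.1' 'not-an-ip' | gen_restore banned

# To load it (root required), then match the whole set with ONE rule:
#   gen_restore banned < banlist.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set banned src -j DROP
```

Re-running the pipeline with an updated list replaces the set contents atomically through the `swap`; the iptables rule itself never has to change.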