BAN an IP list FAST
rob at sterenborg.info
Sun Nov 27 19:46:41 CET 2005
> Say I have a list of 1000 ip addresses for which I
> want to -j DROP all packets. I could:
> a. Do an iptables -A for each ip address;
> b. use -j QUEUE and look up the ip address with a
> binary search in a sorted array.
> I note:
> 1. The ip addresses are scattered, and not amenable
> to concise representations using ranges or masks.
> 2. Binary search of a sorted array is a very efficient
> method for finding arbitrary members of a list.
> How should I proceed?
> Thanks in advance for your advice.
Is http://ipset.netfilter.org what you're searching for?
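
What the set-based approach suggested in the reply looks like in practice, as an added example that is not part of the original post: it turns a flat address list into an `ipset restore` file so that a single iptables rule matches the whole set by hash lookup. The set name `banned`, the helper names, the sample addresses and the use of present-day ipset/iptables syntax are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread).
SET_NAME="banned"   # hypothetical set name

# Read one IPv4 address per line on stdin and emit an `ipset restore` file.
# Comments, blank lines, malformed addresses and duplicates are dropped.
gen_ipset_restore() {
    awk -v set="$SET_NAME" '
        function valid(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]*)$/ || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { print "create " set " hash:ip family inet" }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments and whitespace
        $0 == ""      { next }
        !valid($0)    { next }
        !seen[$0]++   { print "add " set " " $0 }
    '
}

# Load the set and attach one DROP rule for it. Needs root; not called here.
apply_ban() {
    gen_ipset_restore < "$1" | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Constructed sample list (documentation address ranges only).
sample_list() {
cat <<'EOF'
# constructed sample
203.0.113.7
198.51.100.23
203.0.113.7
192.0.2.300
198.51.100.9  # trailing comment
not-an-ip
EOF
}

# Show the restore file that would be fed to ipset.
sample_list | gen_ipset_restore
```

Because the rule references the set rather than individual addresses, later additions or removals are made with `ipset add` / `ipset del` and never touch the iptables ruleset.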