Mikhail Teterin wrote:
Neil Neely wrote:
I haven't explored this issue enough to speak with any authority, but once upon a time I had an app doing tons of ipfw rule adds/removes all the time, and we had no end of performance and stability problems on that box (this would have been in the 4.x timeline or so, I expect). As that approach wasn't really critical, we abandoned it without really digging into the details.

Years later a need for lots of rapid firewall changes came up again, and I drilled into it and found the use of tables was excellent for doing this; it does the job very well. This approach is on a FreeBSD 6.3 box.

ipfw add 00550 deny ip from 'table(1)' to any

Then just add/remove entries to table 1 via:
ipfw table 1 add 10.1.1.22/32
ipfw table 1 delete 10.1.1.22/32

Show all entries in table 1 with:
ipfw table 1 list

Clear out the whole of table 1 with:
ipfw table 1 flush

I can't be sure if this relates to your particular issue, but I would recommend trying it out.
Thanks! I was not even aware of this functionality... Yes, I'll try that -- maybe a bug in ipfw only hits once per 1000 invocations :-)

   -mi
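As an added example (not code from this thread or from FreeBSD), here is a small sh script that turns the table approach above into an idempotent sync: every entry is validated before it reaches ipfw, the live table is compared with a desired list, and only the add/delete commands that are actually needed are issued. Table 1 and rule 00550 come from the post; the "addr/len value" line format of "ipfw table N list" and the assumption that "ipfw list N" fails for a missing rule are mine.

```shell
#!/bin/sh
# Added example, not code from the thread: keep the ipfw block table from the
# post in sync with a desired address list, issuing only the add/delete
# commands actually needed. Assumes table 1 and rule 00550 as in the post, and
# that "ipfw table N list" prints one "addr/len value" pair per line.
TABLE=1; RULE=00550
IPFW=${IPFW:-ipfw}        # set IPFW="echo ipfw" for a dry run
# Accept only a dotted-quad IPv4 address with an optional /len, so that a
# malformed line from a log parser is never handed to ipfw.
valid_cidr() {
    addr=${1%/*}
    case "$1" in */*) len=${1#*/} ;; *) len=32 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}
# ipfw lists single hosts as /32, so store them that way for comparison.
normalize() { case "$1" in */*) echo "$1" ;; *) echo "$1/32" ;; esac; }
# Print the add/delete operations that turn the live table (output of
# "ipfw table N list") into the desired list; bad entries go to stderr.
plan_sync() {
    desired=$(printf '%s\n' "$1" | while read -r e; do
        [ -n "$e" ] || continue
        if valid_cidr "$e"; then normalize "$e"; else echo "skip: $e" >&2; fi
    done | sort -u)
    current=$(printf '%s\n' "$2" | awk 'NF { print $1 }' | sort -u)
    printf '%s\n' "$current" | while read -r e; do
        [ -n "$e" ] || continue
        printf '%s\n' "$desired" | grep -qxF "$e" || echo "delete $e"
    done
    printf '%s\n' "$desired" | while read -r e; do
        [ -n "$e" ] || continue
        printf '%s\n' "$current" | grep -qxF "$e" || echo "add $e"
    done
}
# Install the static deny rule once (assumes "ipfw list N" fails when rule N
# is absent), then apply the planned table changes.
apply_sync() {
    $IPFW list "$RULE" >/dev/null 2>&1 ||
        $IPFW add "$RULE" deny ip from "table($TABLE)" to any
    plan_sync "$1" "$2" | while read -r op entry; do
        $IPFW table "$TABLE" "$op" "$entry"
    done
}
# Usage: sh blocklist-sync.sh FILE  (one address or CIDR per line)
[ $# -ne 1 ] || apply_sync "$(cat "$1")" "$($IPFW table "$TABLE" list)"
```

Running it with IPFW="echo ipfw" shows the exact commands it would issue without touching the firewall.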
blocksshd uses pf and a table to contain the addresses. You might want to check it out.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security