2) Will breaking up my rules into groups fix the problem? (Brendan Conoboy/Eric Fichtner's How-To seems to indicate thus...
I doubt it will solve the loading problem. It will speed up matching against this huge ruleset.
3) Do I need to further sub-group within my groups to make the rule sets smaller yet?
20000/16 should be no problem on any decent system. But why not use 255 groups? So much easier to implement..
4) What are the group numbering rules? ( I assume they need to be numbers???) Can I use big numbers like 1000, 1016...1140 for group numbers? what about 10001000, 10001016, etc (if I want to sub divide)?
Judging from the 4.1.3 source, groups are strings of 15 characters max.
5) Is the order that the groups are placed on the ipf rule-list make a difference?
I don't think so. Rules are loaded before they are used.
6) I'm pretty sure this is a dumb/naive question...
Yes it is. :-P
Does indentation carry any significance? (I assume not, but...never hurts to ask)
Nope.
That seems enough questions for now...I'm kinda obsessed writing the perl list parser... I'm anxious to get this block list implemented to see how it behaves...
Be sure to post your results! I'm very interested in your config file when you get it working.
Sincerely,
Richard van den Berg
