On Tue, Mar 10, 2020 at 10:53 PM Jordan Geoghegan <jor...@geoghegan.ca> wrote:
>
> pf-badhost and unbound-adblock are both now at version 0.3, released
> earlier today.
>
> Links to the scripts can be found here:
>
> www.geoghegan.ca/pfbadhost.html
> www.geoghegan.ca/unbound-adblock.html

Thanks, this looks very interesting! But maybe you can help answer a question that popped up when I read your page about pf-badhost. You mention that "Subnet aggregation is used to take the address list and "aggregate" the addresses into the smallest possible representation using CIDR blocks.", but I was under the assumption that pf already did this for its tables to speed up lookups. Is there anything preventing the aggregation code from running on every pf table modification? Assuming an already sorted list, it shouldn't take long to merge a new entry. Perhaps I've missed some use of pf tables that makes this impossible or not applicable in the general case.
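
The incremental merge described in the message above, as an added example that is not part of the original thread and is not code from pf or pf-badhost. It assumes IPv4 only and a list that is already sorted, non-overlapping and fully aggregated; `insert_aggregated`, `build` and `SAMPLE` are hypothetical names.

```python
import bisect
import ipaddress

def insert_aggregated(table, cidr):
    """Insert `cidr` into `table` in place and return it.

    Assumption of this sketch: `table` is a sorted list of non-overlapping,
    fully aggregated IPv4Network objects.
    """
    net = ipaddress.ip_network(cidr)
    i = bisect.bisect_left(table, net)      # binary search for the slot
    # Already present, or covered by the entry just before it: no change.
    if i < len(table) and table[i] == net:
        return table
    if i > 0 and net.subnet_of(table[i - 1]):
        return table
    # Existing entries swallowed by the new network sort directly after it.
    j = i
    while j < len(table) and table[j].subnet_of(net):
        j += 1
    table[i:j] = [net]
    # Merge with the sibling half for as long as that sibling is present.
    while net.prefixlen > 0:
        parent = net.supernet()
        lower, upper = parent.subnets()
        if net == lower and i + 1 < len(table) and table[i + 1] == upper:
            table[i:i + 2] = [parent]
        elif net == upper and i > 0 and table[i - 1] == lower:
            i -= 1
            table[i:i + 2] = [parent]
        else:
            break
        net = parent
    return table

def build(entries):
    """Feed entries one at a time, as repeated table modifications would."""
    table = []
    for entry in entries:
        insert_aggregated(table, entry)
    return table

# Constructed sample input (documentation ranges), deliberately unsorted.
SAMPLE = ["203.0.113.4/32", "203.0.113.5/32", "198.51.100.0/25",
          "203.0.113.6/31", "198.51.100.128/25", "198.51.100.7/32",
          "192.0.2.0/24"]

if __name__ == "__main__":
    for network in build(SAMPLE):
        print(network)
```

Each insert touches only the new entry's neighbours and at most one sibling per prefix length, so the work per modification does not grow with a full re-aggregation of the list.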