ok so… it appears to me that ipf doesn't have an easy way to load files with a large number of subnets. in pf i can do:
table <blocked_zones> persist file "/etc/pf-files/blocked_zones"

and it will load a file with all the chinese ip ranges. and then i can block on <blocked_zones>.

how do i do that in ipf?!

thanks

On Sat, Mar 14, 2015 at 7:14 AM, Manuel Bouyer <bou...@antioche.eu.org> wrote:

> On Fri, Mar 13, 2015 at 11:25:50PM -0400, el kalin wrote:
> > it didn't work. this is what happened:
> >
> > # sysctl net.inet.tcp.tso=0
> > sysctl: fourth level name 'tso' in 'net.inet.tcp.tso' is invalid
>
> yes, this sysctl doesn't exist on netbsd.
>
> >
> > is there any firewall / packet filter that would work on the netbsd 6 ec2
> > image? anyone?
>
> ipf works and is compiled by default in the kernel.
>
> --
> Manuel Bouyer <bou...@antioche.eu.org>
> NetBSD: 26 years of experience will always make the difference
> --