And if I run it without persist or any other variable would it work? It seems to so far. But what should I look out for?
-Vaughn
-----------------------------
Vaughn A. Hart
[email protected]
646-284-4291
https://www.linkedin.com/in/vahart
https://github.com/vaughnhart
https://open.spotify.com/user/aojaa35704q6no3iqt4h6k8im?si=b8f2195781f64632
2Sam 14:14a We must all die; we are like water spilled on the ground, which cannot be gathered up again.“
Jesus said to her, “I am the resurrection and the life. Whoever believes in me, though he die, yet shall he live,” (John 11:25 ESV)

On Wed, Apr 9, 2025 at 3:28 AM Peter N. M. Hansteen <[email protected]> wrote:
> On Mon, Apr 07, 2025 at 05:04:30PM -0400, Vaughn A. Hart wrote:
> > I was wondering if this list could be run neither as constant or persistent
> > but only at rule evaluation (ingress and egress) and what performance hit
> > would I take.
> >
> > This is the list:
> >
> > https://www.cloudcix.com/ipblocklist.txt
> >
> > And this is the content :
> >
> > # RoboSOC IP blocklist
> > # Published @ 20:40:07 07/04/25
> > # Blocklist contains 15525097IPv4 IPs
> > # Blocklist contains 241 IPv6 IPs
> > # Blocklist contains 61701 CIDR blocks
> >
> > Feasible or not?
>
> given that
>
> [Wed Apr 09 09:17:04] peter@skapet:~/tmp$ grep -v \# ipblocklist.txt | wc -l
> 63352
>
> the list as presented contains sixty-plus thousand entries, it would fit inside
> the default table size (see table-entries in the limits section of the pf.conf
> man page), so with something like
>
> table <ipblocklist> persist counters file "/home/vahahaha/ipblocklist.txt"
>
> with a matching
>
> block from <ipblocklist>
>
> would work, perhaps supplemented with a cron job to fetch updated data
> and load them into the table.
>
> I don't have any similar equipment (M1 with 8G memory) available to test but
> simply trying to load a ruleset with those definitions would tell you right away
> whether you run into memory limits. My guesstimate is you would not.
>
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
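An added example of the cron-driven refresh Peter suggests (my own script, not code from the thread or from pf): it strips the list's comment header, checks the entry count against the table-entries limit reported by pfctl -sm, and swaps the new set into the table atomically. The table name and the file path /home/vahahaha/ipblocklist.txt are taken from the thread; the rest of the layout is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): refresh a pf blocklist table from a
# fetched list file and sanity-check the table-entries limit first.
# Assumes pf.conf declares
#   table <ipblocklist> persist counters file "/home/vahahaha/ipblocklist.txt"
# and a rule "block from <ipblocklist>" referencing it. With "persist" the
# kernel keeps the table even when no rule refers to it; without it, the
# table is dropped as soon as the last referencing rule goes away, which is
# the case to look out for when reloading rulesets.

# Print only lines that look like an IPv4/IPv6 address or CIDR block.
# This drops the "# RoboSOC ..." header and any stray junk that would make
# pfctl reject the whole file and leave the old entries in place.
filter_blocklist() {
    # $1: raw list file as downloaded
    grep -v '^[[:space:]]*#' "$1" \
      | tr -d '\r' \
      | grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*)(/[0-9]{1,3})?$'
}

# Number of usable entries in the raw list.
count_entries() {
    filter_blocklist "$1" | wc -l | tr -d ' '
}

# Parse the table-entries hard limit from "pfctl -sm" output given on stdin.
max_table_entries() {
    awk '/^table-entries/ { print $4 }'
}

# Atomically swap the table contents: -T replace installs the new set in one
# operation, so there is no window with an empty table as there would be
# with flush followed by add.
reload_table() {
    # $1: table name, $2: raw list file
    tmp=$(mktemp) || return 1
    filter_blocklist "$2" > "$tmp"
    n=$(wc -l < "$tmp" | tr -d ' ')
    limit=$(pfctl -sm | max_table_entries)
    if [ "$n" -ge "$limit" ]; then
        echo "refusing reload: $n entries >= table-entries limit $limit" >&2
        rm -f "$tmp"; return 1
    fi
    pfctl -t "$1" -T replace -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it from cron after fetching the list, e.g. `reload_table ipblocklist /home/vahahaha/ipblocklist.txt`; the counters keyword in the table definition lets `pfctl -t ipblocklist -T show -v` tell you which entries are actually matching traffic.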
