>Way too much traffic for that. I did try http://phprbl.init1.nl/ but lookups are too slow. All those
>types of options require the server to do more work and DNS lookups. My current system is very
>efficient but it would be better to deny the request at the firewall level.

The only thing that I can recommend for m0n0wall is to have someone
write a patch to bulk add the rules that you want. As long as we're
using ipf, it seems like a bad option to let people bulk load IPs for a
particular rule, since it requires a separate rule for each one, and
people are likely to wind up shooting themselves in the foot.

If m0n0wall used pf, which, unfortunately, it doesn't, it would be a
simple matter of making a table of all of the IPs and writing a block
rule for it. That approach would be fast and efficient. If your server
is BSD (which I would surmise that it's not) you could run a local pf
firewall for that express purpose.

There's one other option that I can think of, and that's using a program
like curl to post each rule to the firewall_rules_edit.php. It's
probably the simplest way. It still has the performance implications