 From:  "Albert Lash" <albert dot lash at gmail dot com>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] block using zonefiles
 Date:  Sun, 29 Jul 2007 13:11:58 -0400
I am not familiar with IPfilter, but with iptables you can create a
rule that matches one aspect of a packet, like a port, and then
forward it to another chain which has the long list of IP addresses to
block. That can speed up the passing of packets that will never get
filtered by the IP blacklist, as well as help organize and clean up the
config.

Perhaps something like this could be set up in the webgui, similar to
the traffic shaper gui.

On 7/28/07, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> Peter Teunissen wrote:
>
> > Hm, the hostfile I'd like to use consists of 1280 lines, with a network
> > range (like 58.14.0.0/15) on each line. I would need a rule for each, so
> > that would probably swamp my PII. Won't work.
>
> In that case, wouldn't black hole static routes accomplish the same
> thing with less complexity?
>
>                         Lee


-- 
My Blogs:
http://www.docunext.com/
http://www.albertlash.com/
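
The chain layout described in the message above, as an added example that is not part of the original post: a script that turns a zone file (one network range per line) into an iptables-restore ruleset with a single dispatch rule and a separate chain holding the block list. The chain name BLOCKLIST, the choice of TCP port 25 in FORWARD, and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn a zone file into an
# iptables-restore ruleset with one dispatch rule and one list chain.
CHAIN=BLOCKLIST   # assumed chain name
PORT=25           # assumed port to dispatch on

# Constructed sample zone file: one network range per line.
sample_zone() {
cat <<'EOF'
# constructed sample
58.14.0.0/15
192.0.2.0/24

198.51.100.0/24
not-a-network
203.0.113.0/33
EOF
}

# Succeeds only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Reads a zone file on stdin, writes the ruleset on stdout.
gen_ruleset() {
    echo '*filter'
    echo ":$CHAIN - [0:0]"
    # Single cheap match; packets to other ports never walk the list.
    echo "-A FORWARD -p tcp --dport $PORT -j $CHAIN"
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if valid_cidr "$line"; then
            echo "-A $CHAIN -s $line -j DROP"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    echo "-A $CHAIN -j RETURN"
    echo 'COMMIT'
}

sample_zone | gen_ruleset
```

The output is in iptables-restore format; `iptables-restore --test` parses a ruleset without committing it.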