Amos Shapira wrote: > There is an iptables geoip module to allow you to specify countries. I > never used it thought. I love linux, been using it for about 14 years but a good firewall it does not make.. http://www.openbsd.org/faq/pf/tables.html "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses [..] Tables can also be populated from text files containing a list of IP addresses and networks: table <spammers> persist file "/etc/spammers" block in on fxp0 from <spammers> to any [..] Tables can be manipulated on the fly by using pfctl(8). For instance, to add entries to the <spammers> table created above: # pfctl -t spammers -T add 218.70.0.0/16" -- Myself I'd be interested in seeing a iptables system running with 50,000 rules for matching against. nate