Removing my services from the standard ports, I saw a massive drop in these requests.

On Mon, Oct 12, 2009 at 5:01 PM, Lucian @ lastdot.org <lucian at lastdot.org> wrote:

> On Mon, Oct 12, 2009 at 9:36 PM, nate <centos at linuxpowered.net> wrote:
> > Amos Shapira wrote:
> >> There is an iptables geoip module to allow you to specify countries. I
> >> never used it though.
> >
> > I love linux, been using it for about 14 years but a good firewall it
> > does not make..
> >
> > http://www.openbsd.org/faq/pf/tables.html
> >
> > "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
> > against a table are very fast and consume less memory and processor time
> > than lists. For this reason, a table is ideal for holding a large group of
> > addresses as the lookup time on a table holding 50,000 addresses is only
> > slightly more than for one holding 50 addresses
> > [..]
> > Tables can also be populated from text files containing a list of IP
> > addresses and networks:
> >
> > table <spammers> persist file "/etc/spammers"
> >
> > block in on fxp0 from <spammers> to any
> > [..]
> > Tables can be manipulated on the fly by using pfctl(8). For instance, to add
> > entries to the <spammers> table created above:
> >
> > # pfctl -t spammers -T add 218.70.0.0/16"
> >
> > --
> >
> > Myself I'd be interested in seeing an iptables system running
> > with 50,000 rules for matching against.
> >
> > nate
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
> That's why I was recommending ipset earlier.
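
Added example, not part of the original thread or written by any of its posters: an ipset counterpart to the pf `table <spammers> persist file "/etc/spammers"` snippet quoted above, as a POSIX shell filter that validates a list of IPv4 addresses and networks and emits `ipset restore` input. It assumes the current `hash:net` ipset syntax (not the syntax of 2009-era releases); the set name `spammers` and the file path come from the quoted pf text, and every sample address except 218.70.0.0/16 is constructed.

```shell
# Added example: build `ipset restore` input from a pf-style address list.

# True only for dotted-quad IPv4 with an optional /1../32 prefix.
valid_ipv4_net() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    # Reject empty, non-numeric, over-long and zero/leading-zero prefixes;
    # a /0 line in a blocklist would match every source address.
    case $prefix in ''|*[!0-9]*|???*|0*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no octal-looking octets
        [ "$octet" -le 255 ] || return 1
    done
}

# stdin: one address/network per line, '#' starts a comment.
# stdout: restore commands for set $1; rejected entries are reported on stderr.
gen_ipset_restore() {
    set_name=$1
    printf 'create %s hash:net family inet\n' "$set_name"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_ipv4_net "$entry"; then
            printf 'add %s %s\n' "$set_name" "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample; only 218.70.0.0/16 appears in the thread.
sample_list() {
    cat <<'EOF'
# one entry per line
218.70.0.0/16
192.0.2.15
198.51.100.0/24   # trailing comment
0.0.0.0/0
203.0.113.300
EOF
}

# Load:  gen_ipset_restore spammers < /etc/spammers | ipset -exist restore
# Match: iptables -I INPUT -m set --match-set spammers src -j DROP
sample_list | gen_ipset_restore spammers
```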