[CentOS] Questoin on iptables

Eliezer Croitoru eliezer at ngtech.co.il
Tue Jul 15 15:19:13 UTC 2014


On 07/15/2014 11:09 AM, Alexander Dalloz wrote:
> Running without the pipe construct because awk can do that all by itself
> (reading the source file and inverse greping):
>
> while read ipblock
> do
>       $IPTABLES -A Spamhaus -s $ipblock -j DROP
> done < <(awk '!/^;/ { print $1 }' $FILE)
>
> Alexander
Thanks Alexander,

Indeed you are right it can be done and with very big files it will mean 
a lot.

Also he might consider to use ipset instead of basic iptables to make 
the lookup a bit faster but it should be ok as it is.

Eliezer



More information about the CentOS mailing list