From: Thomas Heinz <creatix@hipac.org>
To: Phil Howard <phil-netfilter@ipal.net>, netfilter@lists.netfilter.org
Subject: Re: how to block 10000's of addresses?
Date: Sun, 13 Oct 2002 19:25:21 +0200
Message-ID: <3DA9AC81.6090508@hipac.org>
In-Reply-To: 20021013065007.A15824@hamal.ipal.net
Hi Phil
Phil Howard wrote:
> I would like to know how best to block 10000's of addresses using
> netfilter. Clearly I do not want to be placing 10000's of individual
> filter table entries in.
Do you know nf-hipac? Michael Bellion and I made an announcement
on the netfilter list some time ago.
It's a new framework which implements a packet filter that maintains
the semantics of linear lists of rules while the matching algorithm
is much more efficient than just matching rules sequentially.
nf-hipac is a registered SourceForge project:
http://sourceforge.net/projects/nf-hipac/
You can find some additional information (including a performance test)
on our homepage: http://www.hipac.org/
The missing documentation will be available soon (next week) but as
the userspace tool of nf-hipac uses the same syntax as iptables it
should not be a problem for you to cope with it. You don't even
have to recompile your kernel.
Finally, nf-hipac and iptables can be used at the same time. This might
be interesting for you if you need matches/targets which we do not yet
support. There is just one important thing to notice: the order in
which the packet filters are called. Currently, the iptables filter
table is called before nf-hipac. If you need it the other way around,
tell me and I'll send you a mini patch.
Regards,
Thomas