Re: net.inet.tcp.tso=0

To: kalin%el.net@localhost
Subject: Re: net.inet.tcp.tso=0
From: Brad Spencer <brad%anduin.eldar.org@localhost>
Date: Tue, 17 Mar 2015 09:05:52 -0400 (EDT)

   yea=E2=80=A6  that's what thought=E2=80=A6

   i did read all the man pages i could find on any bsd for the ipf tools and
   none mentions anything about being able to block more than one range at a
   time - like macros or lists or tables, etc. according to ipdeny.com china
   has about 5300 of those=E2=80=A6

   i can put all of those in the conf file of course (not the nicest way), but
   can the filter handle that? or is there a sound reason why ipf is not
   supposed to have the option of blocking multiple ranges in the first place?

   thanks=E2=80=A6



ippool(8) and ippool(5), perhaps???


Fill a pool with a range and associate it with a IPF rule.


An example I use:

block in log on vlan3 proto tcp from hash/blocklist to any port = 22


where blocklist is a hash defined in /etc/ippool.conf

table role = ipf type = hash name = blocklist size = 20000
{
124.207.29.185/32;
191.234.22.127/32;
175.44.10.118/32;

Follow-Ups:
- Re: net.inet.tcp.tso=0
  - From: el kalin

References:
- net.inet.tcp.tso=0
  - From: el kalin
- Re: net.inet.tcp.tso=0
  - From: el kalin
- Re: net.inet.tcp.tso=0
  - From: el kalin
- Re: net.inet.tcp.tso=0
  - From: Manuel Bouyer
- Re: net.inet.tcp.tso=0
  - From: el kalin
- Re: net.inet.tcp.tso=0
  - From: el kalin

Prev by Date: Re: NPF syntax
Next by Date: Re: NPF syntax
Previous by Thread: Re: net.inet.tcp.tso=0
Next by Thread: Re: net.inet.tcp.tso=0
Indexes:

Home | Main Index | Thread Index | Old Index