95K rules in Firewall?

Hi,

I have a list of 95460 IP ranges that I would like to block. Can I do this with MT? I.e., is this practical, and what hardware would be required (CPU)?

Thanx

Just curious- are these 95000 entries individual IPs or entire ranges? Can they be aggregated into ranges to cut that number down?

I think you might have a hard time even getting that many rules into the system - I tried just as a test and it seemed to lock up the console. Didn't try to figure that out because it was just my curiosity - but something you might want to just attempt to see what happens.

Although - we do have address-lists in use on a secondary network that compiles a list of IPs that use a specific USER-AGENT string on a website - and that list hit about 200,000 or so I believe. It seemed to be fine - but we didn’t make a firewall rule that checked the list, only added to it. I would think using the address-list functions with a single rule would work well.

Just my thoughts - I really have no clue : )

Sam

Hi,

Actual ranges! They come from a blacklist for PeerGuardian.

Thanx

Yep, try the address-lists option and see what happens. That will allow you to turn the single rule off and on quickly to see how the CPU is affected under load.

Curious about your findings - let us know please. Also, what specs on the machine are you using?

Sam
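Two things come up in this thread: whether the PeerGuardian ranges can be aggregated to cut the entry count down, and the suggestion to load them into one address-list and match it with a single firewall rule instead of 95K rules. The script below is an added example, not code from anyone in the thread or from MikroTik: it parses a small constructed sample in PeerGuardian's p2p text format (`label:start-end`, one range per line), collapses the ranges into the minimal set of CIDR networks with Python's standard `ipaddress` module, and prints the RouterOS commands to populate an address-list and drop matching traffic with one rule per direction. The list name `pg-block` and the sample ranges are assumptions; IPv4-only input is assumed because the label-splitting on `:` would not survive IPv6 addresses.

```python
import ipaddress

# Constructed sample in PeerGuardian p2p format ("label:start-end").
# These are documentation/private ranges, not real blocklist data.
SAMPLE_P2P = """\
Example range A:10.0.0.0-10.0.0.255
Example range B:10.0.1.0-10.0.1.255
Example range C:10.0.0.128-10.0.2.7
# comment lines and blank lines are ignored

Example single host:192.0.2.17-192.0.2.17
malformed line without a range
"""


def parse_p2p(text):
    """Yield (label, start, end) tuples from p2p lines.

    Assumes IPv4 entries. Blank, comment and malformed lines are skipped
    rather than aborting the whole import, since real lists are untidy.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The label may itself contain ':', so split on the last one.
        label, sep, rng = line.rpartition(":")
        if not sep or "-" not in rng:
            continue
        start, _, end = rng.partition("-")
        try:
            yield label, ipaddress.ip_address(start.strip()), ipaddress.ip_address(end.strip())
        except ValueError:
            continue  # unparsable address: skip the entry


def aggregate(text):
    """Collapse all parsed ranges into the smallest list of CIDR networks.

    summarize_address_range() turns an arbitrary start-end range into CIDRs;
    collapse_addresses() then merges adjacent and overlapping networks.
    """
    nets = []
    for _, start, end in parse_p2p(text):
        if start > end:  # tolerate reversed bounds
            start, end = end, start
        nets.extend(ipaddress.summarize_address_range(start, end))
    return list(ipaddress.collapse_addresses(nets))


def routeros_script(nets, list_name="pg-block"):
    """Build RouterOS CLI lines: one address-list entry per network,
    then a single drop rule per direction that matches the whole list.
    """
    lines = [
        f"/ip firewall address-list add list={list_name} address={net} comment=peerguardian"
        for net in nets
    ]
    lines.append(
        f'/ip firewall filter add chain=forward src-address-list={list_name} '
        f'action=drop comment="drop PeerGuardian ranges (inbound)"'
    )
    lines.append(
        f'/ip firewall filter add chain=forward dst-address-list={list_name} '
        f'action=drop comment="drop PeerGuardian ranges (outbound)"'
    )
    return "\n".join(lines)


if __name__ == "__main__":
    entries = list(parse_p2p(SAMPLE_P2P))
    networks = aggregate(SAMPLE_P2P)
    print(f"# {len(entries)} ranges parsed -> {len(networks)} CIDR entries after aggregation")
    print(routeros_script(networks))
```

Aggregation only shrinks the list where ranges are adjacent or overlap, so the 95K figure may not drop much for a curated blocklist; the real saving is the single rule, because an address-list lookup is one match regardless of how many entries the list holds, whereas 95K separate rules are evaluated one after another per packet. Disabling the two filter rules toggles the block without touching the list, which is the on/off test suggested above.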