loading huge number of rules in iptables (blocklist)
- From: "H.S." <hs.samix@xxxxxxxxx>
- Date: Tue, 20 Mar 2007 19:07:01 -0400
Hello,
I am playing round with the blocklist file obtained from peerguardian (level1.gz). I have written a bash function which I call in my iptables script to load these rules.
The following function actually loads the rules from a gzipped file (e.g. /etc/firewall/level1.gz, defined by the P2PBLOCKLISTFILE variable)
#function that creats the rules to block the traffic from blocked list
function FuncBlockedIPsRules {
echo "Making rules for Blocked IPs traffic";
while read Line; do
#get the ip address range from the file
IpRange=`echo -n $Line | sed -e 's/.*:\(.*\)-\(.*\)/\1-\2/'`;
#drop the traffic from this port range
$IPTABLES -A ${CHN_BTBLOCKEDIPS} \
-m iprange --src-range $IpRange -j DROP
done < <(zcat ${P2PBLOCKLISTFILE} | iconv -f latin1 -t utf-8 - | dos2unix)
}
Now, currently, there are around 151,000 ipranges listed in level1.gz to block. So the above function's loop goes over these many times inserting the rules for each range. And this is taking huge amount of time: in over 50 minutes, only around 12% rules have been loaded on my router running Etch (Pentium III, 449MHz, 380 MB RAM).
How can I speed this up? Advice?
thanks,
->HS
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: loading huge number of rules in iptables (blocklist)
- From: Andy Smith
- Re: loading huge number of rules in iptables (blocklist)
- From: Henrique de Moraes Holschuh
- Re: loading huge number of rules in iptables (blocklist)
- From: H.S.
- Re: loading huge number of rules in iptables (blocklist)
- Prev by Date: Re: Very slow network - Ubuntu
- Next by Date: Re: Very slow network - Ubuntu
- Previous by thread: New Israeli Debian mirror: archive & CD images
- Next by thread: Re: loading huge number of rules in iptables (blocklist)
- Index(es):
Relevant Pages
|
