On 2007-03-20 19:07:01, H.S. wrote:
> function FuncBlockedIPsRules {
>     echo "Making rules for Blocked IPs traffic";
>     while read Line; do
>         #get the ip address range from the file
>         IpRange=`echo -n $Line | sed -e 's/.*:\(.*\)-\(.*\)/\1-\2/'`;
>         #drop the traffic from this port range
>         $IPTABLES -A ${CHN_BTBLOCKEDIPS} \
>             -m iprange --src-range $IpRange -j DROP
>     done < <(zcat ${P2PBLOCKLISTFILE} | iconv -f latin1 -t utf-8 - | dos2unix)
> }

This is definitely too slow! Why not dump the whole iptables and then cut it into three blocks:

1) The block before the blocklist rules
2) The BLOCKLIST
3) The block AFTER the blocklist rules

Then you can create the second block (I have over 800.000 rules there) VERY fast from a script. After this, "cat" it together and use iptables-restore to push the whole thing at once into iptables... It will take around 10-20 seconds for it...

Thanks, Greetings and nice Day
    Michelle Konzack
    System Administrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
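
The three-block approach from the reply above, sketched as an added example (not code from either poster): the blocklist block is generated in one pass and spliced into a saved ruleset, ready to be loaded with a single `iptables-restore`. The chain name `BTBLOCKEDIPS`, the temporary files and the sample ruleset and blocklist lines are constructed, and the check that each entry really is an IP range is an addition to what the thread describes.

```shell
#!/bin/sh
# Added example; chain name, temp files and sample data are constructed.
CHAIN="BTBLOCKEDIPS"    # assumed value of ${CHN_BTBLOCKEDIPS}

# Block 2: turn "label:start-end" lines on stdin into restore-format rules.
# Anything that is not exactly two dotted quads is skipped, so text from a
# downloaded list can never become extra iptables-restore syntax.
gen_block_rules() {
    awk -v chain="$1" '
        BEGIN { ip = "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+" }
        { sub(/\r$/, "") }                       # DOS line endings
        /^[ \t]*(#|$)/ { next }                  # comments, blank lines
        {
            range = $0; sub(/^.*:/, "", range)   # labels may contain ":"
            if (range ~ ("^" ip "-" ip "$"))
                printf "-A %s -m iprange --src-range %s -j DROP\n", chain, range
        }'
}

# Blocks 1 and 3: print the saved ruleset ($1) unchanged, except that the old
# "-A CHAIN" rules are replaced, at the position of the first one, by the rules
# in file $2. If there are no old rules, insert before the filter COMMIT.
splice_ruleset() {
    awk -v chain="$CHAIN" -v rules="$2" '
        function emit(   l) { while ((getline l < rules) > 0) print l; spliced = 1 }
        /^\*/ { table = $0 }
        index($0, "-A " chain " ") == 1 { if (!spliced) emit(); next }
        $0 == "COMMIT" && table == "*filter" && !spliced { emit() }
        { print }' "$1"
}

# Constructed demo: a tiny saved ruleset and a three-line blocklist.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ":$CHAIN - [0:0]" \
        "-A INPUT -j $CHAIN" "-A $CHAIN -s 192.0.2.1/32 -j DROP" \
        '-A INPUT -i lo -j ACCEPT' 'COMMIT' > "$tmp/dump"
    printf '%s\n' 'Example Org:198.51.100.0-198.51.100.255' \
        'bad entry:1.2.3.4-5.6.7.8 -j ACCEPT' \
        'Other: Lab:203.0.113.5-203.0.113.9' |
        gen_block_rules "$CHAIN" > "$tmp/rules"
    # Real use (as root): iptables-save > dump, zcat the list into
    # gen_block_rules, then: splice_ruleset dump rules | iptables-restore
    splice_ruleset "$tmp/dump" "$tmp/rules"
    rm -rf "$tmp"
}
demo
```

The chain has to be declared in the dump (the `:BTBLOCKEDIPS - [0:0]` line) for the restore to accept rules appended to it; `iptables-restore --test` parses the spliced file without committing it.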