My suggestion would be not even to try iptables. It'll take hours just to load 10 million entries. There's no efficient mass loading interface.
-J

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, January 28, 2008 4:23 PM
> To: Tomas L. Byrnes
> Cc: nanog@nanog.org
> Subject: Re: Worst Offenders/Active Attackers blacklists
>
> On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said:
> > I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're
> > currently propagating the DShield, and some other, block lists for use
> > in firewalls. I'm interested in gathering additional threat
> > information, and serving additional communities.
> >
> > Is there any interest in a collaborative platform where anonymized
> > candidates for blocking would be submitted by a trusted group, and
> > then propagated out to the whole group?
>
> http://www.ranum.com/security/computer_security/editorials/dumb/
>
> This illustrates dumb idea #2. Explain to me how you intend to
> enumerate enough of the "bad" hosts out there that such a blocklist
> would help, while still having it small enough that you don't blow out
> the RAM on whatever device you're installing it on. Have you *tested*
> whatever iptables/ipf/ACL for proper operation with 10 million entries?
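The thread's question is what loading a large block list into iptables actually looks like. The script below is an added example, not part of the original messages and not ThreatSTOP's or DShield's tooling: it assumes a list with one IPv4 address or CIDR per line and `#` comments (the sample list is constructed, not real DShield data), uses a chain name of BLOCKLIST chosen here for illustration, and turns the list into `iptables-restore` syntax so the rules go in as one batch instead of one `iptables` process per entry. Hooking the chain into INPUT or FORWARD is left to the caller.

```shell
#!/bin/sh
# Constructed sample block list (documentation ranges only, not real data).
SAMPLE_LIST='# constructed sample block list
192.0.2.10
198.51.100.0/24
# trailing comment
203.0.113.7
'

# Convert a block list on stdin into iptables-restore syntax on stdout.
# Every entry becomes one DROP rule in a dedicated chain (default BLOCKLIST,
# an illustrative name); the caller jumps to that chain from INPUT/FORWARD.
blocklist_to_restore() {
    chain="${1:-BLOCKLIST}"
    printf '*filter\n:%s - [0:0]\n' "$chain"
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
    while IFS= read -r net; do
        printf '%s %s -s %s -j DROP\n' "-A" "$chain" "$net"
    done
    printf 'COMMIT\n'
}

# Number of rules the list would produce; check this before loading so a
# malformed or unexpectedly huge feed is noticed before it hits the kernel.
count_rules() {
    blocklist_to_restore "$@" | grep -c '^-A '
}

# Load the list from stdin in a single batch. Needs root and iptables-restore;
# --noflush keeps the rules already in the table. Not exercised by the tests.
load_blocklist() {
    chain="${1:-BLOCKLIST}"
    blocklist_to_restore "$chain" | iptables-restore --noflush
}
```

Usage: `printf '%s' "$SAMPLE_LIST" | count_rules` to size the load, then `... | load_blocklist` (or `time ... | load_blocklist` to measure it, which is the test the quoted message asks for). Batching removes the per-rule process startup, but it does not change the fact that a chain of N rules is walked linearly per packet, which is the RAM and CPU concern raised in the thread.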