loading huge number of rules in iptables (blocklist)
Hello,

I am playing around with the blocklist file obtained from peerguardian (level1.gz). I have written a bash function which I call in my iptables script to load these rules.

The following function actually loads the rules from a gzipped file (e.g. /etc/firewall/level1.gz, defined by the P2PBLOCKLISTFILE variable):

#function that creates the rules to block the traffic from the blocked list
function FuncBlockedIPsRules {
echo "Making rules for Blocked IPs traffic";
while read -r Line; do
    #get the ip address range (everything after the last colon) from the file
    IpRange=$(echo -n "$Line" | sed -e 's/.*:\(.*\)-\(.*\)/\1-\2/');
    #drop the traffic from this ip range
    $IPTABLES -A "${CHN_BTBLOCKEDIPS}"  \
              -m iprange --src-range "$IpRange" -j DROP
done < <(zcat "${P2PBLOCKLISTFILE}" | iconv -f latin1 -t utf-8 - | dos2unix)
}


Now, currently, there are around 151,000 IP ranges listed in level1.gz to block. So the above function's loop goes over these many times, inserting the rules for each range. And this is taking a huge amount of time: in over 50 minutes, only around 12% of the rules have been loaded on my router running Etch (Pentium III, 449MHz, 380 MB RAM).

How can I speed this up? Advice?

thanks,
->HS
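As an added example (not part of the post above, and not the poster's script): the same list loaded as one batch. Every separate iptables invocation fetches the whole table from the kernel, adds one rule and writes the whole table back, so inserting rules one at a time grows quadratically with the list size; iptables-restore instead hands the chain to the kernel in a single transaction. The chain name BTBLOCKEDIPS, the function names and the sample blocklist lines are assumptions constructed for this example. Lines that do not parse as a dotted-quad range are skipped rather than passed through, so stray text in the list cannot end up inside the rule file.

```shell
#!/bin/sh
# Added example: convert a PeerGuardian-style "Name:a.b.c.d-e.f.g.h" list
# into one iptables-restore batch. Names below are assumptions, not from the post.

# Constructed sample in the blocklist format (documentation ranges, not real data).
SAMPLE_BLOCKLIST='Some Org:192.0.2.0-192.0.2.255
Another Org, Inc.:198.51.100.10-198.51.100.20
# a comment line that must not become a rule
Bad Entry:not-an-ip
Third:203.0.113.0-203.0.113.127'

# Read "Name:start-end" lines on stdin, print an iptables-restore stanza for
# the filter table that declares the chain and fills it with DROP rules.
# Only well-formed dotted-quad ranges are emitted; comments, blank lines and
# malformed entries are skipped.
blocklist_to_restore() {
    chain="$1"
    awk -v chain="$chain" '
    BEGIN {
        ip = "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
        print "*filter"
        print ":" chain " - [0:0]"
    }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    {
        # the range is everything after the last colon (names may contain colons)
        n = split($0, parts, ":")
        range = parts[n]
        sub(/\r$/, "", range)          # tolerate CRLF without a dos2unix pass
        if (range ~ ("^" ip "-" ip "$")) {
            print "-A " chain " -m iprange --src-range " range " -j DROP"
        }
    }
    END { print "COMMIT" }'
}

# Build the batch from the gzipped list and load it in one kernel transaction.
# iptables-restore -n (--noflush) leaves the other chains alone: the chain
# named in the ":CHAIN" line is created if missing or emptied and refilled.
# Not called here because it needs root and a live netfilter (assumed usage).
load_blocklist() {
    chain="$1"
    file="$2"
    zcat "$file" | iconv -f latin1 -t utf-8 | blocklist_to_restore "$chain" | iptables-restore -n
}

# Show the conversion on the constructed sample.
printf '%s\n' "$SAMPLE_BLOCKLIST" | blocklist_to_restore BTBLOCKEDIPS
```

The chain still has to be reached from INPUT or FORWARD (for example with a jump to BTBLOCKEDIPS) for the rules to take effect; the batch only creates and fills it. For a list of this size the conversion is a single awk pass, and the kernel update is one rule-set replacement instead of 151,000.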
