[off-topic] iptables and blocklist

To: debian-amd64@lists.debian.org
Subject: [off-topic] iptables and blocklist
From: Bharath Ramesh <bramesh@vt.edu>
Date: Fri, 26 Dec 2008 15:27:31 -0500
Message-id: <[🔎] 49553E33.8060302@vt.edu>

I am running debian amd64 and wondering what would be to integrate ablock list and iptables. I am thinking of using block lists similar tothis http://list.iblocklist.com/?list=bt_spyware. When I tried importingone such block list after parsing it with the script list below I getthe following error "iptables: memory allocation problem"


BLOCKLIST="/etc/blocklist.gz"
IPTABLES="/sbin/iptables"
SED="/bin/sed"

while read line
do
       ip_range=`echo -n $line | $SED -e 's/.*:\(.*\)-\(.*\)/\1-\2/'`;

$IPTABLES --append INPUT --match iprange --src-range $ip_range--jump DROP$IPTABLES --append OUTPUT --match iprange --dst-range $ip_range--jump DROP

done < <(zcat ${BLOCKLIST} | iconv -f latin1 -t utf-8 - | dos2unix)

I feel that this because of the large number of rules that are beingcreated. My question would be what would be a good way to block largenumber of ip ranges with iptables.


Thanks,

Bharath

Reply to:

Follow-Ups:
- Re: [off-topic] iptables and blocklist
  - From: Neil Gunton <neil@nilspace.com>
- Re: [off-topic] iptables and blocklist
  - From: Alex Samad <alex@samad.com.au>

Prev by Date: Re: How to tell when a hardware RAID disk goes bad?
Next by Date: Re: [off-topic] iptables and blocklist
Previous by thread: Re: How to tell when a hardware RAID disk goes bad?
Next by thread: Re: [off-topic] iptables and blocklist
Index(es):
- Date
- Thread