[Firehol-support] Issue with Huge IP blocklist ?

shi ryu shiryu38 at gmail.com
Thu Jun 11 08:01:57 BST 2009


Hi guys,

I'm trying to use firehol to process some bluetack IP blocklist and I fear
that firehol cannot handle the size of the list.
Here is how I proceed :

1) I've put in CIDR format all the subnets I'd like to filter on (1 per
line) in the BADNETS file.
2) I've modified the firehol.conf following line from

interface eth0 internet src not "${UNROUTABLE_IPS}"

to

interface eth0 internet src not "${UNROUTABLE_IPS} `cat
/etc/firehol/BADNETS`"

*What happens :*

It seems that as long as my BADNETS file keeps a reasonable size, firehol is
able to process it (see the attached BADNETS.light file with its 17925
lines)....indeed *with BADNETS.light file no problem, firehol starts without
errors.*
But when I load the BADNETS.full file (see the attached BADNETS.full.zip
file with its 344396 lines) , then I get many runtime errors.

I've attached the error.log.zip file which is an extract of the bunch of
errors I get + the std output.

Any help appreciated.

Best Regards,
Shiryu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20090611/3d8f2b7a/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: error.log.zip
Type: application/zip
Size: 221967 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20090611/3d8f2b7a/attachment-0004.zip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BADNETS.light
Type: application/octet-stream
Size: 287612 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20090611/3d8f2b7a/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BADNETS.full.zip
Type: application/zip
Size: 1184904 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20090611/3d8f2b7a/attachment-0005.zip>


More information about the Firehol-support mailing list