Alias performance hit

Britz · Aug 6, 2007, 2:30 PM

was wondering if able to have a alias containing say 10792 ip addresses (obviously best way to add em in would be to manually add to conf file)

and what kind of performance hit would it be to deny that alias as a destination from 2 interfaces? (performance hit being how long would it take a normal connection to go through all the rules)(maybe i should order it towards the bottom)

want to block proxies

specs are P4 1.5Ghz
256mb rdram

morbus · Aug 6, 2007, 4:01 PM

It would be best to allow the few IPs you want to have access
then deny all the rest save making a huge alias.

Britz · Aug 6, 2007, 5:01 PM

the idea is i want to block facebook(by ip address) and etc but if you just google for "unblock facebook" you get a whole listing of webpage based proxies

so what i want to do is block all the ip addresses behind every proxy listed @ proxy.org

and thing is i want this blocking to even work with https(so cant block based on content) else you could just open a https session with 1 of these proxies

or am i missing a much stronger method :-\

sullrich · Aug 6, 2007, 7:33 PM

You might want to look into using a squid proxy. You are using a flame-thrower when you should be using a screw-driver.