[Discussion] Large IP list in rule

• Previous message (by thread): [Discussion] Large IP list in rule
• Next message (by thread): [Discussion] Join us at Hack.lu - October 21 - 25, 2013
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/02/2013 08:36 PM, cdevoe57 at nycap.rr.com wrote:
> I am attempting  to build a rule that alerts on a large number of destination IP addresses.  The list is roughly 8,000 ip addresses long.  Is there a limitation on the length of the list?  If so what is it?  Also. what is the best way to do this?

I doubt we'll even correctly parse that many ip's. It might be easier to
(ab)use the ip rep feature for this. I've tested that with a million of
ip's.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

• Previous message (by thread): [Discussion] Large IP list in rule
• Next message (by thread): [Discussion] Join us at Hack.lu - October 21 - 25, 2013
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]