CIDR Zone file merging for higher performance
We received an email from someone at Cusimano.com suggesting that we use the CIDR zone file merging script from zwitterion.org. We ran a few in-house tests, and this Perl-based script reduces the number of CIDR IP blocks by up to 60% or even more.
The fewer firewall rules you have set up in your packet filter (on a server or a dedicated firewall), the less rule matching has to be done per packet, which lowers load and resource usage. In the coming week we will fully integrate this step into the freely available country zone files.
Thank you for your continued support and feel free to send us more suggestions or recommendations!
Categories: IPDeny
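As an added illustration of the merging step the post describes (this is not the zwitterion.org script and not ipdeny's own code), here is the same collapse written out in Python: any block already covered by another block is dropped, and two adjacent sibling halves are fused into their supernet until no more fusing is possible. The zone lines below are constructed sample data using documentation prefixes.

```python
import ipaddress

# Constructed sample zone file in the one-CIDR-per-line format the post
# describes; the prefixes are documentation ranges, not a real country list.
SAMPLE_ZONE = """\
192.0.2.0/24
192.0.2.0/23       # supernet of the line above
198.51.100.0/24
198.51.100.64/26   # fully contained in the /24 above
203.0.113.0/25
203.0.113.128/25   # adjacent sibling of the /25 above -> one /24
"""


def parse_zone(text):
    """Turn zone-file text into network objects, skipping blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def merge_cidrs(nets):
    """Collapse blocks the way the post's Perl script does: drop any block that is
    covered by another one and join two sibling halves into their supernet."""
    merged = []
    for version in (4, 6):                      # v4 and v6 blocks never merge with each other
        stack = []
        # sorted() orders by address, then shorter prefix first, so a covering
        # block is always seen before the blocks it covers
        for net in sorted({n for n in nets if n.version == version}):
            if stack and net.subnet_of(stack[-1]):
                continue                        # already covered by an earlier block
            stack.append(net)
            # while the top two entries are the two halves of one supernet, fuse
            # them; the fused block may in turn be one half of a larger supernet
            while len(stack) >= 2:
                low, high = stack[-2], stack[-1]
                if (low.prefixlen == high.prefixlen and low.prefixlen > 0
                        and low.supernet() == high.supernet()):
                    stack[-2:] = [low.supernet()]
                else:
                    break
        merged.extend(stack)
    return merged


def compact_zone(text):
    """Return (merged networks, rule count before, rule count after, percent saved)."""
    nets = parse_zone(text)
    merged = merge_cidrs(nets)
    saved = 100.0 * (len(nets) - len(merged)) / len(nets) if nets else 0.0
    return merged, len(nets), len(merged), saved
```

On the sample zone the six input lines collapse to three rules, the 50% saving being the kind of reduction the post reports; each merged prefix can then be fed to the packet filter as one rule instead of several.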
Umm, your blog software seems to have removed a few crucial characters, let's try this:
#!/usr/bin/perl
use strict;
use warnings;
use NetAddr::IP;

my @addresses = ();
# Read CIDR blocks from the files named on the command line, or from STDIN
while ( <> ) {
    chomp;
    s/\s*#.*$//;                   # strip trailing comments
    next if ( !length );           # skip blank lines
    push @addresses, NetAddr::IP->new( $_ );
}
exit unless ( @addresses );
#print STDERR ( (scalar @addresses), " addresses input, " );
# Merge overlapping and adjacent blocks into the smallest equivalent set
@addresses = NetAddr::IP::Compact(@addresses);
#print STDERR ( (scalar @addresses), " addresses output\n" );
print join( "\n", @addresses ), "\n";
exit;
I have made significant modifications to a script initially posted by Vivek Gite at http://www.cyberciti.biz/faq/block-entier-country-using-iptables to address the performance issues and cache the zone updates from ipdeny for an iptables based firewall. The rationale for the changes and the altered script is available at http://psind.com/blog/2010/07/31/targeted-ip-blocking-align-web-services-to-your-target-markets/
@T Hackque
I don’t know Perl. Can I use this script to compress IP addresses by calling it with a file name from the command line or….
Thanks!