On Thu, 10 Jul 2003, Andreas J Mueller wrote:
> Philip has already answered your question, but allow me to suggest
> another alternative:
>
> hostlist xxx = /path/to/host-file
>
> This uses an external file, which can contain IP addresses, netblocks
> and (wildcarded) host names, just like any inline hostlist. Of
> course, the file will have to be read completely the first time a
> lookup is done, but the result may be cached depending on your config.

What we have is a "deny" recipe containing
[...]
net16-dbm;CONFIG_DIR/class_B_reject.db: \
net24-dbm;CONFIG_DIR/class_C_reject.db: \
CONFIG_DIR/cidr_reject : \
[...]
which seems to us to be a reasonable compromise. Most entries are
"class C" (24-bit in today's money), in fact, whereas the number of
"odd-shaped" blocks that need to go into the plain file cidr_reject is
relatively small.
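
The split described in the message above, as an added example that is not part of the original post or of Exim: it sorts a reject list into the keys for the /16 file, the keys for the /24 file, and the odd-shaped blocks left for the plain file. It relies on the documented behaviour of Exim's net<n>- lookups, where the key is the masked address followed by the mask length; the function names and sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample reject list (documentation and private ranges only).
SAMPLE = """\
10.20.0.0/16        # "class B" block
198.51.100.0/24
203.0.113.0/24
192.0.2.0/25        # odd-shaped
172.16.0.0/12       # odd-shaped
""".splitlines()

def split_reject_list(lines):
    """Return (net16_keys, net24_keys, odd_blocks) from CIDR entries."""
    net16, net24, odd = [], [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # strict=True raises on entries with host bits set (10.1.2.3/24);
        # such a key could never equal the masked key that gets looked up.
        net = ipaddress.ip_network(entry, strict=True)
        if net.version == 4 and net.prefixlen == 16:
            net16.append(str(net))
        elif net.version == 4 and net.prefixlen == 24:
            net24.append(str(net))
        else:
            odd.append(str(net))
    return net16, net24, odd

def lookup_key(host_ip, bits):
    """Key a net<bits>- lookup searches for, e.g. 198.51.100.0/24."""
    return str(ipaddress.ip_network(f"{host_ip}/{bits}", strict=False))

def is_rejected(host_ip, net16, net24, odd):
    """Check the three list items in the same order as the recipe."""
    if lookup_key(host_ip, 16) in net16:      # one keyed lookup
        return True
    if lookup_key(host_ip, 24) in net24:      # one keyed lookup
        return True
    addr = ipaddress.ip_address(host_ip)      # linear scan of the small file
    return any(addr in ipaddress.ip_network(n) for n in odd)

if __name__ == "__main__":
    n16, n24, rest = split_reject_list(SAMPLE)
    for ip in ("198.51.100.77", "192.0.2.200", "172.20.1.1"):
        print(ip, "deny" if is_rejected(ip, n16, n24, rest) else "pass")
```

Only the odd-shaped list is scanned entry by entry, which is why keeping it small matters.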