Re: how many IPFW rules?
- From: Dan Nelson <dnelson@xxxxxxxxxxxxxxx>
- Date: Tue, 30 Oct 2007 23:36:04 -0500
In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
> I have a smtp server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
> So here is my question, I'm currently blocking 55,529 ip addresses and the
> server seems pretty snappy, with no noticeable load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?

If you've created 55K separate rules and you're not seeing any
slowdown, then you must have a fast machine :) Using an ipfw table
should be even better, though. That lets you load any number of
ip/netmask pairs into a tree-based lookup table and match all addresses
using one ipfw rule. The ipfw manpage has examples.
--
Dan Nelson
dnelson@xxxxxxxxxxxxxxx
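
The table approach suggested in the reply above, as an added example that is not part of the original thread or the ipfw manpage: it validates and de-duplicates a list of offender addresses and prints the ipfw commands for one lookup table plus the single rule that matches it. Table number 1, rule number 100 and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. TABLE and RULE are assumed free numbers.
TABLE=1
RULE=100

# valid_entry ENTRY: succeed only for dotted-quad IPv4 with an optional /0-32.
valid_entry() {
    addr=${1%%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_table: read one address per line on stdin ('#' starts a comment),
# drop duplicates, and print the commands that rebuild the lookup table.
emit_table() {
    echo "ipfw -q table $TABLE flush"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u | while read -r entry; do
        [ -n "$entry" ] || continue
        if valid_entry "$entry"; then
            echo "ipfw -q table $TABLE add $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

# emit_rule: the single rule that matches every address in the table.
emit_rule() {
    echo "ipfw -q add $RULE deny tcp from 'table($TABLE)' to me 25"
}

# Constructed sample list (documentation address ranges, not real offenders).
sample_list() {
    cat <<'EOF'
198.51.100.7     # seen in capture
198.51.100.7
203.0.113.0/24
192.0.2.300
192.0.2.9/33
192.0.2.44
EOF
}

sample_list | emit_table
emit_rule
```

On the FreeBSD host, review the printed commands and pipe them to `sh` as root; the rule line only needs to be installed once, after which refreshing the table is enough to change what is blocked.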