Re: how many IPFW rules?
- From: "eBoundHost: Artur" <artur@xxxxxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 05:13:18 +0000
I'm not going to brag, but this is one hell of a server :-) Hardware prices were not a concern when we built it.
Thanks for the pointer. I'll definitely manpage it now that I know where to start looking.
------Original Message------
From: Dan Nelson
To: eBoundHost: Artur
Cc: freebsd-questions@xxxxxxxxxxx
Sent: Oct 30, 2007 23:36
Subject: Re: how many IPFW rules?
In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
> I have an SMTP server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
> So here is my question: I'm currently blocking 55,529 IP addresses and the
> server seems pretty snappy, with no noticeable load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?
If you've created 55K separate rules and you're not seeing any
slowdown, then you must have a fast machine :) Using an ipfw table
should be even better, though. That lets you load any number of
ip/netmask pairs into a tree-based lookup table and match all addresses
using one ipfw rule. The ipfw manpage has examples.
--
Dan Nelson
dnelson@xxxxxxxxxxxxxxx
Best Regards,
Artur
eBoundHost
http://www.eboundhost.com
artur@xxxxxxxxxxxxxx
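The table approach Dan describes, sketched as an added example that is not part of either message: a script that turns a flat list of offender addresses into commands for one ipfw lookup table plus the single rule that matches it. Table number 1, rule number 500, the `to me 25` match and the sample addresses are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): build ONE ipfw table and ONE rule
# from a flat list of offender addresses, instead of one rule per address.
# Table number 1, rule number 500 and the sample addresses are constructed.

# is_ipv4 ADDR[/LEN]: succeed only for a well-formed IPv4 address or CIDR.
is_ipv4() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Only digits and single dots, so nothing can reach the shell as syntax.
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_ipfw_table TABLE RULE: read addresses on stdin, print ipfw commands.
# Duplicates are collapsed; malformed lines are reported on stderr.
gen_ipfw_table() {
    table=$1; rule=$2
    sort -u | while read -r entry; do
        case $entry in ''|'#'*) continue ;; esac
        if is_ipv4 "$entry"; then
            echo "ipfw table $table add $entry"
        else
            echo "skipped malformed entry: $entry" >&2
        fi
    done
    # A single rule covers every address in the table.
    echo "ipfw add $rule deny tcp from 'table($table)' to me 25"
}

# Demo on constructed input (RFC 5737 documentation addresses).
gen_ipfw_table 1 500 <<'EOF'
192.0.2.10
192.0.2.10
198.51.100.0/24
999.1.1.1
EOF
```

The script only prints commands; review the output before running it as root on the mail server.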