how many IPFW rules?
eBoundHost: Artur
artur at eboundhost.com
Tue Oct 30 22:40:10 PDT 2007
I'm not going to brag, but this is one hell of a server :-) Hardware prices were not a concern when we built it.
Thanks for the pointer, I'll definitely manpage it now that I know where to start looking.
------Original Message------
From: Dan Nelson
Sender:
To: eBoundHost: Artur
Cc: freebsd-questions at freebsd.org
Sent: Oct 30, 2007 23:36
Subject: Re: how many IPFW rules?
In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and the
> server seems pretty snappy, with no noticeable load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?
If you've created 55K separate rules and you're not seeing any
slowdown, then you must have a fast machine :) Using an ipfw table
should be even better, though. That lets you load any number of
ip/netmask pairs into a tree-based lookup table and match all addresses
using one ipfw rule. The ipfw manpage has examples.
--
Dan Nelson
dnelson at allantgroup.com
Best Regards,
Artur
eBoundHost
http://www.eboundhost.com
artur at eboundhost.com
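
The table approach Dan Nelson describes, as an added example that is not part of the original thread: a sh function that turns an offender list into an ipfw command file with one table and a single deny rule for port 25. The table number, rule number, function names and sample addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build an ipfw command file that blocks SMTP from a list
# of offenders using ONE table and ONE rule instead of one rule per address.
TABLE=1        # assumed table number
RULENUM=500    # assumed rule number

# stdin: one address per line, optional /masklen, '#' comments allowed.
# stdout: ipfw commands in the line-per-command form ipfw reads from a file.
# Malformed entries are skipped and duplicates are collapsed.
gen_table_ruleset() {
    echo "table $TABLE flush"
    awk -v t="$TABLE" '
        {
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 == "") next
            n = split($0, p, "/")
            if (n > 2) next
            m = (n == 2) ? p[2] : 32
            if (m !~ /^[0-9]+$/ || m + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            key = p[1] "/" (m + 0)
            if (!(key in seen)) { seen[key] = 1; print "table " t " add " key }
        }'
    # The single rule that matches every address held in the table.
    echo "add $RULENUM deny tcp from table($TABLE) to me 25"
}

# Constructed sample input (documentation address ranges only).
sample_offenders() {
    cat <<'EOF'
192.0.2.10
192.0.2.10          # duplicate, collapsed
198.51.100.0/24
203.0.113.5/32
999.1.1.1           # invalid octet, skipped
not-an-ip
EOF
}

sample_offenders | gen_table_ruleset
```

On the FreeBSD host, save the output to a file and pass its absolute pathname to ipfw, which applies each line as one command; later offenders can then be added to the table without touching the rule.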