Date: Tue, 30 Oct 2007 23:36:04 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: "eBoundHost: Artur" <artur@eboundhost.com> Cc: freebsd-questions@freebsd.org Subject: Re: how many IPFW rules? Message-ID: <20071031043604.GA3109@dan.emsphone.com> In-Reply-To: <002001c81b37$7dc605e0$6b00a8c0@mobility> References: <002001c81b37$7dc605e0$6b00a8c0@mobility>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Oct 30), eBoundHost: Artur said: > Hello FreeBSD people! > > I have a smtp server under attack by what seems like a large botnet. My > inetd is choking under the load and not allowing real mail through. I've > successfully used tshark to find the offenders and put them into ipfw > firewall for port 25. > > So here is my question, I'm currently blocking 55,529 ip addresses and the > server seems pretty snappy, with no noticible load or lag. How many more > rulesets will I be able to handle before things start getting fuzzy? If you've created 55K separate rules and you're not seeing any slowdown, then you must have a fast machine :) Using an ipfw table should be even better, though. That lets you load any number of ip/netmask pairs into a tree-based lookup table and match all addresses using one ipfw rule. The ipfw manpage has examples. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071031043604.GA3109>