Date: Wed, 31 Oct 2007 05:13:18 +0000
From: "eBoundHost: Artur" <artur@eboundhost.com>
To: "Dan Nelson" <dnelson@allantgroup.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how many IPFW rules?
Message-ID: <1305054526-1193807596-cardhu_decombobulator_blackberry.rim.net-2105960323-@bxe009.bisx.prod.on.blackberry>
I'm not going to brag, but this is one hell of a server :-) Hardware prices were not a concern when we built it.

Thanks for the pointer, I'll definitely manpage it now that I know where to start looking.

------Original Message------
From: Dan Nelson
Sender:
To: eBoundHost: Artur
Cc: freebsd-questions@freebsd.org
Sent: Oct 30, 2007 23:36
Subject: Re: how many IPFW rules?

In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and the
> server seems pretty snappy, with no noticeable load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?

If you've created 55K separate rules and you're not seeing any slowdown,
then you must have a fast machine :) Using an ipfw table should be even
better, though. That lets you load any number of ip/netmask pairs into a
tree-based lookup table and match all addresses using one ipfw rule. The
ipfw manpage has examples.

--
	Dan Nelson
	dnelson@allantgroup.com

Best Regards,
Artur
eBoundHost
http://www.eboundhost.com
artur@eboundhost.com
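The table approach Dan describes, shown as an added example that is not part of either message in the thread: a small POSIX sh script that turns a list of offending addresses into one `ipfw table` load plus a single deny rule, instead of one rule per address. The table number (1), the rule number (1000) and the `table(N)` syntax of FreeBSD 7-era ipfw are assumptions; the offender list below is constructed, not real data from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits the ipfw commands that
# replace one-rule-per-address blocking with a single table-backed rule.
# Assumptions (not stated in the thread): table 1 and rule number 1000
# are free, and the FreeBSD 7-era "table(N)" rule syntax is in use.

TABLE=1
RULE=1000

# Read one IPv4 address or CIDR block per line on stdin and print the
# ipfw commands on stdout. Nothing is executed here, so the output can be
# reviewed first and then applied with:  gen_ipfw_block < offenders | sh
gen_ipfw_block() {
    echo "ipfw table $TABLE flush"
    while IFS= read -r addr; do
        case "$addr" in
            ''|'#'*) continue ;;                                  # blank line or comment
            *[!0-9./]*) echo "skip: $addr" >&2; continue ;;       # not an IPv4 literal
        esac
        echo "ipfw table $TABLE add $addr"
    done
    # One rule matches every entry in the table. The single quotes stop
    # the shell from treating table(1) as a subshell.
    echo "ipfw add $RULE deny tcp from 'table($TABLE)' to me dst-port 25"
}

# Count how many addresses a generated command list would load; handy
# for confirming the table holds the whole blocklist (55K entries is fine).
count_table_entries() {
    grep -c "^ipfw table $TABLE add "
}

# Constructed sample offender list (placeholder addresses, not from the thread).
SAMPLE='# addresses found with tshark
192.0.2.10
192.0.2.11
198.51.100.0/24
not-an-address'

printf '%s\n' "$SAMPLE" | gen_ipfw_block
```

Because the deny decision comes from a radix-tree lookup in the table, adding more addresses grows the table, not the rule list, so the per-packet cost stays roughly constant no matter how many offenders are loaded.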
