From owner-freebsd-ipfw@FreeBSD.ORG Sun May 1 15:28:01 2005
From: "Richard Tector" <richardtector@thekeelecentre.com>
To: "'Chuck Rock'", freebsd-ipfw@freebsd.org
Date: Sun, 1 May 2005 16:27:56 +0100
Subject: RE: Problem with high load on Xeon server...
Message-ID: <000001c54e62$5ab80ca0$0c01000a@RLaptop>
In-Reply-To: <20050501093740.C38031@kira.epconline.net>
List-Id: IPFW Technical Discussions
X-List-Received-Date: Sun, 01 May 2005 15:28:01 -0000

> Why 60,000 IPs you ask... These boxes are high-traffic mail servers, and
> I've got an extensive sendmail access file. I wanted to keep the servers
> from handling so much spam by blocking the IPs of relays that failed the
> access list relay check.
> Over about one week, I have 60,000+ unique IP addresses from my logs.

You might want to consider using pf, which has extensive table support. I'm not sure what the limits are on the table size, but you simply add another. This means a minimal ruleset, and table lookups are orders of magnitude faster than rule processing.

ipfw now has table support, in 5.3+ at least. I don't know how quick these are in comparison to pf, however.

The only problem with using pf is you'd ideally need to upgrade to 5.3 or above. Perhaps rig up another box to try it on?

Regards,

Richard Tector
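As an added example (not part of the thread, and not code from either poster), here is the kind of glue script the reply points at: pull the relay addresses that sendmail rejected with "Relaying denied" out of the maillog and feed them into one ipfw table (or one pf table) instead of 60,000 individual rules. The log lines below are constructed samples in the usual sendmail `ruleset=check_rcpt, ..., relay=host [addr], reject=...` shape; the table number, the table name `smtp_blocked`, the file path `/etc/pf.smtp_blocked` and the rule numbers are assumptions. The functions only print the ipfw/pfctl commands so the script runs offline; pipe the output to `sh` on the firewall host to apply it.

```shell
#!/bin/sh
# Constructed sample maillog lines (not taken from the original post).
# Two distinct relays are rejected; 192.0.2.5 is rejected twice, and the
# 198.51.100.7 line is an accepted message that must NOT end up blocked.
SAMPLE_LOG='May  1 15:27:58 mx sm-mta[2311]: j41FRwQ1002311: ruleset=check_rcpt, arg1=<bob@example.net>, relay=[192.0.2.5], reject=550 5.7.1 <bob@example.net>... Relaying denied
May  1 15:28:03 mx sm-mta[2314]: j41FS3Q1002314: from=<alice@example.org>, size=1024, class=0, nrcpts=1, relay=mail.example.org [198.51.100.7]
May  1 15:28:10 mx sm-mta[2319]: j41FSAQ1002319: ruleset=check_rcpt, arg1=<carol@example.net>, relay=spamhost.example [203.0.113.9], reject=550 5.7.1 <carol@example.net>... Relaying denied
May  1 15:28:12 mx sm-mta[2320]: j41FSCQ1002320: ruleset=check_rcpt, arg1=<dave@example.net>, relay=[192.0.2.5], reject=550 5.7.1 <dave@example.net>... Relaying denied'

# Read maillog lines on stdin; print the unique IPv4 addresses of relays
# whose delivery attempt was rejected with "Relaying denied".
# Only the bracketed address is used, never the (attacker-controlled)
# hostname in front of it.
relay_denied_ips() {
    grep 'Relaying denied' |
    sed -n 's/.*relay=[^[]*\[\([0-9.]*\)].*/\1/p' |
    sort -u
}

# ipfw (FreeBSD 5.3+): emit the commands that load every address into one
# table and install a single rule that consults it.  Table number is an
# assumed value (default 1); the deny rule number 100 is likewise assumed.
ipfw_table_cmds() {
    table_no=${1:-1}
    relay_denied_ips | sed "s|^|ipfw table $table_no add |"
    # One rule for the whole list: lookup cost does not grow with the rule count.
    echo "ipfw add 100 deny tcp from \"table($table_no)\" to me 25"
}

# pf: emit a file body for a persist table plus the pfctl command that
# reloads it atomically.  File path and table name are assumptions.
pf_table_file_body() {
    relay_denied_ips
}

pf_reload_cmds() {
    tfile=${1:-/etc/pf.smtp_blocked}
    echo "pfctl -t smtp_blocked -T replace -f $tfile"
}

# Matching pf.conf fragment (printed for reference, not applied here).
pf_conf_fragment() {
    cat <<'EOF'
table <smtp_blocked> persist file "/etc/pf.smtp_blocked"
block in quick on $ext_if proto tcp from <smtp_blocked> to any port 25
EOF
}

# Number of distinct addresses that would be loaded.
blocked_count() {
    relay_denied_ips | wc -l | tr -d ' '
}

# Stand-alone demo on the constructed log.
printf '%s\n' "$SAMPLE_LOG" | ipfw_table_cmds 1
printf '%s\n' "$SAMPLE_LOG" | pf_table_file_body
```

In production you would run `relay_denied_ips` over the real `/var/log/maillog` (or from a periodic job) and regenerate the table rather than appending forever; `pfctl -T replace` and `ipfw table N flush` followed by re-adding give you an atomic swap, so a stale address does not stay blocked after it drops out of the log window.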