Ok will see what will happen this evening...

Fail2ban cannot help due to spoofed ips.

The single bucket is problematic due to how we manage the gameservers, will
update the status this evening :p
On 06/Jan/2011 16:50, "frostschutz" <frostsch...@metamorpher.de> wrote:
> On Thu, Jan 06, 2011 at 04:16:23PM +0100, Marco Padovan wrote:
>> as suspected that appear to keep a single bucket and allowing 20/sec on
>> the whole server... not on every single port :(
>
> Yes, it's a single bucket. Does it really have to be per server?
> I'd just use a sane value for limit and a large burst here (1000),
> so short spikes will work but continuous DoS won't.
>
> After all even if just one gameserver gets DoSed, in the end
> it's the whole server that has to cope with the network and CPU.
> And as long as there is no DoS it will work normally, even
> with just one bucket.
>
> Of course you could still add a separate bucket for each port
> in the querylimit chain (no need for a drop rule for each port,
> just put a single drop rule at the end). But if you do that
> you'll likely run into performance problems again.
>
> So I think single bucket is preferable.
>
> Also consider combining this with fail2ban or similar,
> so you can block IPs who are spamming you completely.
> This will ease load both on your server, and the bucket.
>
> Regards
> frostschutz
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
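The two rate-limiting layouts frostschutz compares above (one shared bucket for the whole server versus one bucket per port inside the `querylimit` chain with a single DROP at the end), written out as an added example. This is not code from the thread or from either poster; it builds the rules with iptables' `limit` match, takes the 20/sec rate and the 1000 burst from the discussion, and uses UDP ports 27015 to 27017 as a constructed sample. By default it only prints the iptables commands; set `IPT=iptables` to apply them on a real host.

```shell
#!/bin/sh
# Added example: two ways to lay out a "querylimit" chain for UDP game-query
# traffic with iptables' single-bucket "limit" match.
# Assumptions (not from the thread): sample ports 27015-27017; dry-run by default.
# Set IPT=iptables to actually install the rules.

IPT="${IPT:-echo iptables}"

# (Re)create an empty querylimit chain.
querylimit_reset() {
    $IPT -N querylimit 2>/dev/null
    $IPT -F querylimit
}

# Variant A: one shared token bucket for every gameserver port.
# A burst of all traffic across ports is allowed up to BURST packets, then
# sustained traffic is capped at RATE/sec for the server as a whole.
# Usage: querylimit_single RATE BURST PORT...
querylimit_single() {
    rate=$1; burst=$2; shift 2
    querylimit_reset
    # Single bucket: packets within the limit are accepted...
    $IPT -A querylimit -m limit --limit "${rate}/sec" --limit-burst "$burst" -j ACCEPT
    # ...and everything above it is dropped.
    $IPT -A querylimit -j DROP
    for p in "$@"; do
        $IPT -A INPUT -p udp --dport "$p" -j querylimit
    done
}

# Variant B: one bucket per port inside the chain, one DROP rule at the end.
# Each extra port adds a rule that every queued packet has to walk past, which
# is the per-rule overhead the thread warns about.
# Usage: querylimit_per_port RATE BURST PORT...
querylimit_per_port() {
    rate=$1; burst=$2; shift 2
    querylimit_reset
    for p in "$@"; do
        # Separate bucket for this port only.
        $IPT -A querylimit -p udp --dport "$p" \
            -m limit --limit "${rate}/sec" --limit-burst "$burst" -j ACCEPT
        $IPT -A INPUT -p udp --dport "$p" -j querylimit
    done
    # Single drop rule for whatever exceeded its port's bucket.
    $IPT -A querylimit -j DROP
}

# Demonstration with the values from the thread and the constructed sample ports.
querylimit_single 20 1000 27015 27016 27017
```

The `limit` match is a single token bucket per rule, which is why variant A rate-limits the whole server and variant B needs one rule per port; with `IPT` left unset the script prints the exact command lines it would run, so the rule set can be reviewed before it touches the firewall.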