On Thu, Jun 03, 2004 at 08:58:54AM -0700, perdurabo wrote:

> 1.) Will having large IPTables rulesets cause a significant
> performance hit? I have plenty of resources to spare as all the crap I
> have running on it now isn't taxing it much. Facts and educated
> opinion appreciated.

I could offer my opinion, but actual testing is more useful. Look at this graph:

http://www.hipac.org/firewall_performance_test/throughput_packets_per_second_results.htm

The blue line is a netfilter module which is a drop-in replacement for the filter table:

http://www.hipac.org

> 2.) Is there a port of OpenBSD's spamd available for Linux? I've
> searched on Google with no luck. Are there any other slick tarpitting
> solutions for Linux? If I could find something, I'd probably do this
> in lieu of the iptables route, just to screw with the spammers and
> help other folks on the net.

Look at the labrea tarpit netfilter target. It aims at keeping a connection open, utilizing resources on the sending side. It's already in the standard kernel. Here is an excellent overview:

http://www.governmentsecurity.org/forum/index.php?s=83fa13b51b29a5d34c6e2cb8da889ace&showtopic=1708&st=0&#entry7601

Finally, consider dropping spamassassin. It is written in perl and takes a lot of processing power. I have not yet, but am learning about DSPAM, which is written in C, supposedly much better at classification, and much, much faster.

http://www.nuclearelephant.com/projects/dspam/

Cory

-- 
Cory Petkovsek                 Adapting Information
Adaptable IT Consulting        Technology to Your
(858) 705-1655                 Business
[EMAIL PROTECTED]              www.AdaptableIT.com

_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug
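The tarpitting idea discussed above, as an added example that is not part of the original thread and is neither OpenBSD's spamd nor the labrea/TARPIT netfilter code: a minimal user-space SMTP tarpit in the spamd style. spamd "stutters" its banner one byte per second and answers every command with a 4xx temporary failure, so a legitimate MTA gives up and retries another MX while a spam engine sits on the connection. The listening port (2525), the hostname in the banner, the reply strings and the one-byte-per-second pacing are assumptions chosen for the example; the `sleep` argument is injectable so the delay schedule can be verified without actually waiting.

```python
# Added example (not from the EUGLUG post): a user-space SMTP tarpit in the
# style of OpenBSD's spamd. Port 2525, the banner hostname, the reply texts
# and the 1-byte-per-second pacing are assumptions made for this example.
import socket
import threading
import time

BANNER = b"220 tarpit.example ESMTP ready\r\n"   # constructed hostname
TEMPFAIL = b"450 4.7.1 Try again later\r\n"      # constructed 4xx reply
GOODBYE = b"221 Bye\r\n"


def stutter(conn, data, delay, sleep):
    """Send data one byte at a time, pausing `delay` seconds before each byte.
    Returns the number of seconds the peer was kept waiting."""
    waited = 0.0
    for i in range(len(data)):
        sleep(delay)
        waited += delay
        conn.sendall(data[i:i + 1])
    return waited


def serve_connection(conn, delay=1.0, sleep=time.sleep, max_commands=5):
    """Tarpit one SMTP client.

    Stutters the banner, then answers each command line with a stuttered
    4xx until the client says QUIT, disconnects, or max_commands is reached.
    Returns (commands_seen, seconds_held). `sleep` is injectable so the
    schedule can be checked without actually waiting."""
    held = stutter(conn, BANNER, delay, sleep)
    commands = []
    rfile = conn.makefile("rb")
    try:
        while len(commands) < max_commands:
            line = rfile.readline()
            if not line:            # peer gave up: that is the desired outcome
                break
            cmd = line.strip().upper()
            commands.append(cmd)
            if cmd == b"QUIT":
                held += stutter(conn, GOODBYE, delay, sleep)
                break
            held += stutter(conn, TEMPFAIL, delay, sleep)
    finally:
        rfile.close()
        try:
            conn.close()
        except OSError:
            pass
    return commands, held


def serve_forever(host="127.0.0.1", port=2525, delay=1.0, max_clients=64):
    """Accept connections and tarpit each one on its own daemon thread.
    A user-space tarpit holds a socket and a thread per victim, so the
    concurrency is capped; over-capacity clients are dropped outright."""
    sem = threading.BoundedSemaphore(max_clients)

    def worker(conn):
        try:
            serve_connection(conn, delay=delay)
        finally:
            sem.release()

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(128)
        while True:
            conn, _ = srv.accept()
            if not sem.acquire(blocking=False):
                conn.close()        # over capacity: drop rather than exhaust FDs
                continue
            threading.Thread(target=worker, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve_forever()
```

The point of the cap in `serve_forever` is the practical difference from the in-kernel approach the reply recommends: a user-space tarpit spends a file descriptor and a thread on every victim it holds, so without a limit the spammers can exhaust the tarpit instead of the other way round, whereas a netfilter tarpit target keeps the sender waiting without holding per-connection state on the filtering host.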
