In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and the
> server seems pretty snappy, with no noticible load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?
If you've created 55K separate rules and you're not seeing any
slowdown, then you must have a fast machine :) Using an ipfw table
should be even better, though. That lets you load any number of
ip/netmask pairs into a tree-based lookup table and match all addresses
using one ipfw rule. The ipfw manpage has examples.
--
Dan Nelson
[EMAIL PROTECTED]
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
