In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet. My
> inetd is choking under the load and not allowing real mail through. I've
> successfully used tshark to find the offenders and put them into ipfw
> firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and the
> server seems pretty snappy, with no noticeable load or lag. How many more
> rulesets will I be able to handle before things start getting fuzzy?

If you've created 55K separate rules and you're not seeing any slowdown,
then you must have a fast machine :) Using an ipfw table should be even
better, though. That lets you load any number of ip/netmask pairs into a
tree-based lookup table and match all addresses using one ipfw rule. The
ipfw manpage has examples.

-- 
Dan Nelson
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
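
The table approach suggested in the reply above, as an added example that is not part of the original thread: a script that turns an offender list into one ipfw table plus a single deny rule for port 25. The table number, rule number, function names and sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. TABLE and RULE numbers are assumptions; pick values that fit
# your own ruleset. Addresses below are constructed (documentation ranges).
TABLE=1
RULE=500

# Constructed sample of a tshark-derived offender list: one address per line,
# optional /masklen, with a duplicate and two malformed entries.
sample_offenders() {
    cat <<'EOF'
192.0.2.10
192.0.2.10          # duplicate
198.51.100.0/24
203.0.113.7
999.1.1.1           # bad octet
203.0.113.8/40      # bad mask length
EOF
}

# Read offenders on stdin, print ipfw commands on stdout. Nothing is executed
# here: review the output, then pipe it to sh on the FreeBSD host.
gen_ipfw_cmds() {
    echo "ipfw -q table $TABLE flush"
    awk -v t="$TABLE" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }    # strip comments, blanks
        $0 == "" { next }
        {
            n = split($0, p, "/")
            ok = (n <= 2) && (split(p[1], o, ".") == 4)
            for (i = 1; ok && i <= 4; i++)
                ok = (o[i] ~ /^[0-9]+$/) && (length(o[i]) <= 3) && (o[i] + 0 <= 255)
            if (ok && n == 2)
                ok = (p[2] ~ /^[0-9]+$/) && (p[2] + 0 <= 32)
            if (!ok) { print "skipped: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "ipfw -q table " t " add " $0
        }'
    # One rule matches every table entry; add it once, then only the table
    # changes as new offenders are found.
    echo "ipfw -q add $RULE deny tcp from 'table($TABLE)' to me dst-port 25"
}

sample_offenders | gen_ipfw_cmds
```

Malformed lines are reported on stderr and left out, so a bad capture line cannot abort the table load halfway through.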