Can you expand a bit? Do you mean no iptables to running some rules, or a few rules to a lot of rules, or general wildcards (e.g. CC) compared to individual targets?

I have noticed a slight increase with > 2000 rules, but it's quite noticeable >6000 rules (adds a ~200ms or so to latency)

* why so many rules: one of the kids ran a downloader program that included bittorrent and the drop script happily blackholed each connect with an individual rule. I only discovered it by accident (checking the logs) - everything was ticking over quite nicely!

BillK

On Sat, 2005-10-08 at 04:23 +0000, Luke-Jr wrote:
> On Thursday 06 October 2005 00:15, Mark Rudholm wrote:
> > route add bad.person.or.network 127.0.0.1 (or otherwise bogus destination)
> > is an effective emergency block.
>
> Just a small note: I've found that using iptables to drop the packets affects
> latency quite a bit ;)
>
--
William Kenworthy <[EMAIL PROTECTED]>
Home!
--
[email protected] mailing list
