Network wise or just from management efficiency?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 4, 2012 at 1:58 PM, Butch Evans <[email protected]> wrote:

> On Tue, 2012-12-04 at 11:35 -0500, David Hulsebus wrote:
> > We've had someone sending network attacks on us over the last few days.
> > We are blocking 15K+ IP addresses each 24 hours and have an address
> > list that has grown to more than 45K since Sunday morning. I do see my
> > CPU usage hasn't really grown beyond 10% - it usually runs 6-8%. Which
> > brings me to the question. At that scale are address list look-ups more
> > efficient than multiple rules? Or is there a difference? I am looking
> > at increasing the blocked time from 3 days to 14.
>
> Address lists are much more efficient than multiple rules. For example:
>
> /ip firewall filter
> add chain=input protocol=tcp dst-port=22 src-address-list=nossh action=drop
>
> The above is MUCH more efficient with an address list of 100 IPs than it
> would be to have 100 rules of dropping dst-port tcp/22. I am assuming
> this is the question you are asking. NOTE that this is just an example
> and NOT the best way to handle input rules to manage traffic on port 22
> or any other management port.
>
> --
> ********************************************************************
> * Butch Evans                   * Professional Network Consultation *
> * http://www.butchevans.com/    * Network Engineering               *
> * http://store.wispgear.net/    * Wired or Wireless Networks        *
> * http://blog.butchevans.com/   * ImageStream, Mikrotik and MORE!   *
> *          NOTE THE NEW PHONE NUMBER: 702-537-0979                  *
> ********************************************************************

_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
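
The two forms compared in this thread, side by side, as an added illustration that is not from either poster. The `nossh` list and the drop rule follow the quoted example, and `14d` is the block time mentioned in the question. The 192.0.2.x addresses are documentation-range placeholders, and the `ssh_stage1`/`ssh_stage2` list names and 1m windows are assumptions.

```routeros
# --- Per-address form: one filter rule per blocked host -------------------
# Every packet to tcp/22 is compared against these rules one after another.
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address=192.0.2.10 action=drop
add chain=input protocol=tcp dst-port=22 src-address=192.0.2.11 action=drop
# ...one more rule for every additional blocked address

# --- Address-list form: one rule, any number of entries -------------------
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=nossh action=drop \
    comment="drop sources on the nossh list"

# Entries can carry their own expiry, so the list prunes itself.
/ip firewall address-list
add list=nossh address=192.0.2.10 timeout=14d comment="constructed sample entry"

# --- Letting the firewall populate the list (assumed staging scheme) ------
# Place these after the drop rule above. Highest stage first, so a single
# new connection advances a source by one stage only.
/ip firewall filter
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=nossh address-list-timeout=14d \
    comment="third new connection inside the window: block for 14 days"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m
```

The staging thresholds need tuning against legitimate administrative logins before use on a production router.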

