Hey folks,

This is one that is difficult to test in a test environment.

I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.

With some scripting I'm looking at feeding block IPs to the firewalls
to block bad-guys in near real time, but in theory if we got attacked
by a botnet or something like that, it could result in a few thousand
IPs being blocked. Possibly even 10s of thousands.

Are there any real-world data out there on how big of a block list we
can handle without impacting performance?

We're doing the standard /etc/blacklist to load a table and then have
a block on the table right at the top of the ruleset.

thanks,
-Alan
--
"You should sit in nature for 20 minutes a day.
Unless you are busy, then you should sit for an hour"
- Zen Proverb