On Fri, 27 Sep 2002, Orlando Andico wrote: > > hello all, > > perhaps due to my aggressive blocking of spam netblocks, we've become a > favorite whipping boy for spammers who're sending us SYN requests and > holding all our smtpd's hostage. > > to alleviate this issue, i've written a script which outputs about 2000 > iptables rules (i have a database where i keep track of which IP's are > naughty and nice..) > > the problem now is.. how can i quantify the performance hit iptables is > extracting? 2000+ rules is not inconsiderable. >
At the very least if performance does degrade, you'ld see it in a simple file or data stream transfer. ttcp would probably be a good benchmark, with and without the tables _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
