Re: how many IPFW rules?
In the last episode (Oct 30), eBoundHost: Artur said:
> Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into ipfw firewall for port 25.
>
> So here is my question: I'm currently blocking 55,529 ip addresses and the server seems pretty snappy, with no noticeable load or lag. How many more rulesets will I be able to handle before things start getting fuzzy?

If you've created 55K separate rules and you're not seeing any slowdown, then you must have a fast machine :)

Using an ipfw table should be even better, though. That lets you load any number of ip/netmask pairs into a tree-based lookup table and match all addresses using one ipfw rule. The ipfw manpage has examples.

--
Dan Nelson [EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how many IPFW rules?
I'm not going to brag, but this is one hell of a server :-) Hardware prices were not a concern when we built it.

Thanks for the pointer. I'll definitely manpage it now that I know where to start looking.

--Original Message--
From: Dan Nelson
Sender:
To: eBoundHost: Artur
Cc: freebsd-questions@freebsd.org
Sent: Oct 30, 2007 23:36
Subject: Re: how many IPFW rules?

> In the last episode (Oct 30), eBoundHost: Artur said:
> > Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into ipfw firewall for port 25.
> >
> > So here is my question: I'm currently blocking 55,529 ip addresses and the server seems pretty snappy, with no noticeable load or lag. How many more rulesets will I be able to handle before things start getting fuzzy?
>
> If you've created 55K separate rules and you're not seeing any slowdown, then you must have a fast machine :)
>
> Using an ipfw table should be even better, though. That lets you load any number of ip/netmask pairs into a tree-based lookup table and match all addresses using one ipfw rule. The ipfw manpage has examples.
>
> --
> Dan Nelson [EMAIL PROTECTED]

Best Regards,
Artur
eBoundHost
http://www.eboundhost.com
[EMAIL PROTECTED]
Re: how many IPFW rules?
On Tuesday 30 October 2007 22:57:31 eBoundHost: Artur wrote:
> Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into ipfw firewall for port 25.
>
> So here is my question: I'm currently blocking 55,529 ip addresses and the server seems pretty snappy, with no noticeable load or lag. How many more rulesets will I be able to handle before things start getting fuzzy?

Do you use 55,529 rules? Well, if you do, stop doing it :)

There is a solution designed for large sets of addresses, so you better use it. Search the ipfw manual page for lookup table. Apparently, there is no problem doing it the way you do it for your load, but tables are designed for such situations and should be more appropriate and lightweight.

Nikos
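Both Dan's and Nikos's replies point at ipfw lookup tables rather than one rule per address. The following script is an added example, not code from anyone in this thread: it takes a list of offending addresses (a constructed sample using RFC 5737 documentation ranges), drops blank, malformed and duplicate entries, and prints the ipfw(8) commands that load them into one table and block them with a single rule. It assumes the FreeBSD 6/7-era `table(N)` syntax current when the thread was written; table number 1 and rule number 100 are arbitrary choices. It only prints the commands (a dry run), so it can be reviewed before being piped into `sh` on the actual firewall host.

```shell
#!/bin/sh
# Added example (not from the thread): build ipfw table commands from
# an address list, so one rule replaces tens of thousands of rules.
# Assumes FreeBSD 6/7 ipfw(8) syntax; dry-run, prints commands only.

# Constructed sample input: one address or CIDR per line, including a
# duplicate, a blank line and a malformed entry to show the clean-up.
BLOCKLIST='192.0.2.10
198.51.100.0/24
203.0.113.7
192.0.2.10

not-an-address'

# Print the commands: flush the table, add each unique well-formed
# entry, then a single deny rule that consults the table for port 25.
ipfw_table_cmds() {
    printf 'ipfw table 1 flush\n'
    printf '%s\n' "$BLOCKLIST" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
    | sort -u \
    | while IFS= read -r entry; do
        printf 'ipfw table 1 add %s\n' "$entry"
      done
    # "me" matches any address configured on a local interface.
    printf 'ipfw add 100 deny tcp from "table(1)" to me 25\n'
}

ipfw_table_cmds
```

Once the table is in place, adding or removing an address is a single `ipfw table 1 add`/`delete`, with no need to renumber or reload the rule set, and `ipfw table 1 list` shows what is currently blocked.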
how many IPFW rules?
Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into ipfw firewall for port 25.

So here is my question: I'm currently blocking 55,529 ip addresses and the server seems pretty snappy, with no noticeable load or lag. How many more rulesets will I be able to handle before things start getting fuzzy?

Best Regards,
Artur
eBoundHost.com
http://www.eboundhost.com