Tom Eastep wrote: > >> advocap.org doesn't have that much to lookup. Only about a dozen entries >> and suspect most are for mail.advocap.org www.advocap.org and for spf text. >> >> Any idea what good limits would be? >> > > I'm using "Limit:none:5,60" and it has slowed the bogus queries reaching > my DNS server down to a trickle. > > Legitimate DNS servers should cache any response and since I only have a > few hosts, this seemed like a reasonable setting to me. YYMV. > > -Tom > Thanks
Seems to help. I'll try your settings. I tried a count of 20 and got an error on shorewall restart. Less than that is OK. No reason to go that high just figure I should mention it. Is there a way to test what ips are being blocked? John ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
