With the potential of the growing use of the rules, seems that going towards a distributed mirror setup would be in order....and I'd be more than willing to offer to set up a mirror here....
Chris

> -----Original Message-----
> From: Randal, Phil [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 15, 2004 11:23 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Lint failed - Rules Du Jour
>
> It needs more than a little fine tuning, it needs a complete rethink.
>
> If you're setting up a new box or adding new RDJ rules, any testing will
> be immediately blocked thus causing much woe and anguish across the
> land.
>
> Once per 24 hours is way too restrictive. What you need to do is block
> after more than so many hits in a 24 hour period. But even then, 24
> boxes behind a NATed firewall will cause headaches.
>
> So, look carefully at the logs, set your rate limiting to once every 6
> hours for a starter, and if you still have problems then solve the
> problem properly with distributed mirrors on a round-robin DNS or
> similar.
>
> Cheers,
>
> Phil
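
The two policies discussed in this thread (one fetch per 24 hours versus a hit threshold within a 24-hour window), as an added example that is not part of the original messages or of the Rules Du Jour project. Keying on source IP address, the thresholds, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

DAY = 24 * 3600  # window length in seconds


class HitLimiter:
    """Allow at most max_hits fetches per client key in any sliding window."""

    def __init__(self, max_hits, window=DAY):
        self.max_hits = max_hits
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of allowed fetches

    def allow(self, key, now):
        q = self.hits[key]
        # Drop fetches that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_hits:
            return False  # over threshold: block (blocked hits are not counted)
        q.append(now)
        return True


def blocked_count(max_hits, requests, window=DAY):
    """Replay (key, timestamp) pairs and return how many were blocked."""
    limiter = HitLimiter(max_hits, window)
    return sum(not limiter.allow(key, ts) for key, ts in requests)


# Constructed sample traffic (documentation-range addresses, not real clients).
# An admin testing new rules on a new box: three fetches within 20 minutes.
NEW_BOX = [("198.51.100.7", t) for t in (0, 600, 1200)]
# 24 boxes behind one NATed address, each fetching once a day, staggered hourly.
NAT_SITE = [("203.0.113.9", hour * 3600) for hour in range(24)]

if __name__ == "__main__":
    for label, traffic in (("new box", NEW_BOX), ("NAT site", NAT_SITE)):
        print(label,
              "| once per 24h blocks", blocked_count(1, traffic),
              "| 4 hits per 24h blocks", blocked_count(4, traffic))
```

A threshold stops punishing the admin who is testing, but the NATed site still loses most of its fetches because the server sees only one address, which is the case the mirror suggestion addresses.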
