Date:      Wed, 31 Oct 2007 09:50:36 +0200
From:      Nikos Vassiliadis <nvass@teledomenet.gr>
To:        freebsd-questions@freebsd.org
Cc:        "eBoundHost: Artur" <artur@eboundhost.com>
Subject:   Re: how many IPFW rules?
Message-ID:  <200710310950.37646.nvass@teledomenet.gr>
In-Reply-To: <002001c81b37$7dc605e0$6b00a8c0@mobility>
References:  <002001c81b37$7dc605e0$6b00a8c0@mobility>

On Tuesday 30 October 2007 22:57:31 eBoundHost: Artur wrote:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet.  My
> inetd is choking under the load and not allowing real mail through. 
> I've successfully used tshark to find the offenders and put them into
> ipfw firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and
> the server seems pretty snappy, with no noticeable load or lag.  How many
> more rulesets will I be able to handle before things start getting
> fuzzy?

Do you use 55,529 rules? Well, if you do, stop doing it :)
There is a solution designed for large sets of addresses,
so you better use it. Search the ipfw manual page for "lookup table".

Apparently, there is no problem doing it the way you do it
for your load, but tables are designed for such situations
and should be more appropriate and lightweight.

Nikos
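As an added example, not part of the original thread and not code from either poster: a small POSIX sh helper that turns a flat list of offending addresses (one IPv4 address or CIDR per line, as you would collect from tshark) into the ipfw commands for one lookup table plus a single deny rule, instead of one rule per address. It only prints the commands, so you can review them before piping them into sh on the mail server. Table number 1, rule number 100 and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original thread.  Assumptions: ipfw table 1,
# rule number 100, and the constructed sample blocklist below.

# Emit the ipfw commands that load blocklist $3 into table $1 and guard it
# with rule $2.  Nothing is executed here: review the output, then pipe it
# into sh on the firewall host.
ipfw_table_cmds() {
    table="$1"
    rule="$2"
    list="$3"
    # Start from an empty table so entries removed from the list do not
    # linger across reloads.
    echo "ipfw table $table flush"
    # Keep only well-formed IPv4 addresses or CIDR prefixes, drop blank
    # lines, comments and duplicates.  Tables do longest-prefix matching, so
    # a /24 covering a noisy netblock costs one entry, not 256.
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$list" | sort -u |
    while read -r addr; do
        echo "ipfw table $table add $addr"
    done
    # One rule replaces all the per-address rules.  It is limited to inbound
    # SMTP to this host so nothing else on the box is affected.  The quotes
    # keep the shell from treating the parentheses as syntax.
    echo "ipfw add $rule deny tcp from \"table($table)\" to me dst-port 25 in"
}

# How many entries the generated commands would put in the table.
table_entry_count() {
    ipfw_table_cmds "$@" | grep -c '^ipfw table [0-9]* add '
}

# Constructed sample blocklist (documentation addresses), including a
# duplicate and a junk line to show the filtering.
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
# constructed sample; not real attacker addresses
192.0.2.10
192.0.2.10
198.51.100.0/24
203.0.113.77
not-an-address

EOF

# Stand-alone run: show what would be fed to ipfw.
ipfw_table_cmds 1 100 "$SAMPLE_LIST"
```

After loading, `ipfw table 1 list | wc -l` shows how many entries the table holds, and `ipfw show 100` shows the hit count on the single rule, which is the number to watch instead of scrolling through tens of thousands of rules.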


