Date:      Sun, 1 May 2005 16:27:56 +0100
From:      "Richard Tector" <richardtector@thekeelecentre.com>
To:        "'Chuck Rock'" <carock@epconline.com>, <freebsd-ipfw@freebsd.org>
Subject:   RE: Problem with high load on Xeon server...
Message-ID:  <000001c54e62$5ab80ca0$0c01000a@RLaptop>
In-Reply-To: <20050501093740.C38031@kira.epconline.net>

>Why 60,000 IP's you ask... These boxes are high traffic mail servers, and
>I've got an extensive sendmail access file. I wanted to keep the servers
>from handling so much spam by blocking the IP's of relays that failed the
>access list relay check.

>Over about one week, I have 60,000+ unique IP addresses from my logs.


You might want to consider using pf which has extensive table support. I'm
not sure what the limits are on the table size, but you simply add another.
This means a minimal ruleset and table lookups are orders of magnitude
faster than rule processing.

Ipfw now has table support. In 5.3+ at least. I don't know how quick these
are in comparison to pf however.

The only problem with using pf is you'd ideally need to upgrade to 5.3 or
above. Perhaps rig up another box to try it on?

Regards,

Richard Tector
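
The table approach suggested above, as an added example that is not part of the original message: a shell filter that reduces sendmail "Relaying denied" log lines to a de-duplicated, validated address list suitable for a pf table file. The log lines are constructed samples, and the table name `spamrelays`, the file path and the function names are assumptions; the pf and ipfw commands appear only as comments.

```shell
#!/bin/sh
# Added example. Sample log lines below are constructed, not real traffic.

# Read sendmail log lines on stdin; print one valid IPv4 relay address per
# line for every "Relaying denied" rejection, sorted and de-duplicated.
extract_relays() {
    grep 'Relaying denied' |
    sed -n 's/.*relay=[^,]*\[\([0-9.]*\)].*/\1/p' |
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0   # reject bad octets
        if (ok) print
    }' |
    sort -u
}

# Constructed input: a duplicate, a relay with no reverse DNS, a malformed
# address, and an accepted message that must not end up in the table.
sample_log() {
cat <<'EOF'
May  1 09:12:01 mx1 sendmail[4101]: j41EC1x0004101: ruleset=check_rcpt, arg1=<a@example.org>, relay=host1.example.net [192.0.2.10], reject=550 5.7.1 <a@example.org>... Relaying denied
May  1 09:12:09 mx1 sendmail[4102]: j41EC9x0004102: ruleset=check_rcpt, arg1=<b@example.org>, relay=host1.example.net [192.0.2.10], reject=550 5.7.1 <b@example.org>... Relaying denied
May  1 09:13:30 mx1 sendmail[4110]: j41EDUx0004110: ruleset=check_rcpt, arg1=<c@example.org>, relay=[198.51.100.23], reject=550 5.7.1 <c@example.org>... Relaying denied
May  1 09:14:02 mx1 sendmail[4115]: j41EE2x0004115: ruleset=check_rcpt, arg1=<d@example.org>, relay=[203.0.113.999], reject=550 5.7.1 <d@example.org>... Relaying denied
May  1 09:15:44 mx1 sendmail[4120]: j41EFix0004120: from=<e@example.com>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=good.example.com [192.0.2.77]
EOF
}

sample_log | extract_relays    # on a real host: > /etc/pf.spamrelays

# pf side (run on the firewall host, not executed here):
#   pf.conf:  table <spamrelays> persist file "/etc/pf.spamrelays"
#             block in quick proto tcp from <spamrelays> to any port 25
#   refresh:  pfctl -t spamrelays -T replace -f /etc/pf.spamrelays
# ipfw with table support, the same idea:
#   ipfw table 1 add 192.0.2.10
#   ipfw add deny tcp from 'table(1)' to any 25
```

Either way the ruleset stays at one block rule, and refreshing the address list does not require reloading the rules.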


