Blocking IPs from the FW

Jeremy Turner
Tue Oct 26 14:24:30 CDT 2004


Brian Densmore (DensmoreB at ctbsonline.com) wrote:
> By the way, anyone have a take on what kind of performance
> hit this will take on a server? So far I have 22 addresses
> or address ranges blocked in my blacklist. And is there a
> better way? Most of the attempts have been to try to gain
> root access via ssh, which root isn't allowed to ssh anyway,
> so this would always fail. Some are for non-existent users.

I guess it depends how often you run it and how big your log
file is.  Mine was only 128k and took just a second.  I guess
you could run it hourly or twice a day and not take that much
of a performance hit.  You'd have to grab the IPs from the log,
save them to a text file, then grab the unique IPs, flush the
firewall rules, and then generate them again.

Not too terrible, but if you're worried about CPU cycles you
might want to come up with a more efficient system.  My
server isn't hammered all that much so it's not a big deal.

Jeremy

-- 
--
Jeremy Turner <jeremy at linuxwebguy.com>
Linux Tips! ---> http://linuxwebguy.com
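
The steps described in the reply above (pull the IPs from the log, keep the unique ones, flush, regenerate), sketched as an added example that is not part of the original post. The log lines are constructed samples in OpenSSH's "Failed password" format, and the dedicated chain name SSH_BLACKLIST is an assumption so that the flush only touches the blacklist; the commands are printed, not executed.

```shell
#!/bin/sh
# Constructed sample sshd log lines (documentation addresses, not real data).
sample_log() {
cat <<'EOF'
Oct 26 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 26 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40113 ssh2
Oct 26 04:40:19 host sshd[2177]: Failed password for invalid user admin from 198.51.100.23 port 51800 ssh2
Oct 26 05:02:33 host sshd[2190]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.99 port 51900 ssh2
Oct 26 06:15:47 host sshd[2203]: Accepted password for jeremy from 192.0.2.50 port 52000 ssh2
Oct 26 07:00:00 host sshd[2210]: Failed password for root from 999.1.1.1 port 1 ssh2
EOF
}

# Read log lines on stdin, print the unique source IPs of failed logins.
# The user name in the log is supplied by the client, so only the address
# directly before the trailing "port N ssh2" is used; an address embedded
# in the user name (fourth sample line) must not end up in the blacklist.
failed_ips() {
    sed -n 's/^.*sshd\[[0-9]*]: Failed password for .* from \([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\) port [0-9]* ssh2$/\1/p' |
    awk -F'[.]' '$1<=255 && $2<=255 && $3<=255 && $4<=255' |  # drop impossible octets
    LC_ALL=C sort -u
}

# Hypothetical dedicated chain: flushing it leaves all other rules alone.
CHAIN=SSH_BLACKLIST

# Read one IP per line on stdin, print the commands that rebuild the chain.
blacklist_rules() {
    echo "iptables -F $CHAIN"
    while read -r ip; do
        echo "iptables -A $CHAIN -s $ip -j DROP"
    done
}

# Show the generated commands for the sample log.
sample_log | failed_ips | blacklist_rules
```

To use it on a real log, feed that file to failed_ips instead of sample_log and review the printed commands before running them as root.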




More information about the Kclug mailing list