Need help!

D. Hageman dhageman at dracken.com
Mon May 2 00:25:19 CDT 2005


On Sun, 1 May 2005, Jack wrote:

> --- Frank Wiles wrote:
>> On Sat, 30 Apr 2005 21:52:02 -0700 (PDT)
>> Jack <quiet_celt at yahoo.com> wrote:
>>
> I have about half of the addresses blocked, but what
> is
> the impact of adding 150 ip addresses to iptables with
> potentially hundreds more over time? At what point
> will iptables eat up all my bandwidth in blocking
> addresses?
>
> Thanks everyone for the suggestions.

Well, iptables doesn't really eat up your bandwidth - the guys trying to 
connect to your box are what is wasting the bandwidth.  The worst iptables
can do is eat up processor cycles filtering connections to your box.  I 
have seen machines with hundreds of iptables rules that operate with no
issues at all.  It works in kernel space so it can be very efficient.

You probably do not want to permanently deny any address.  I believe you 
can use an automated daemon like portsentry to dynamically add addresses to 
iptables and after a period of time have that address removed.

//========================================================\\
||  D. Hageman                    <dhageman at dracken.com>  ||
\\========================================================//
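An added example, not part of the original message and not portsentry's own
code, showing one way to do what the reply describes: keep iptables at a
single DROP rule however many addresses are blocked, by matching against an
ipset with a per-entry timeout so that no address stays denied permanently.
The set name "blocklist", the one-hour timeout, the DRY_RUN / RUN_DEMO
variables and the sample addresses are all assumptions of this example; it
needs ipset and iptables installed and root to actually apply anything.

```shell
#!/bin/sh
# Added example for this thread (not code from the original message or from
# portsentry): block a growing list of addresses with ONE iptables rule by
# matching against an ipset, and let entries expire on their own so nothing
# is denied permanently.  Assumptions: ipset and iptables are installed and
# the script runs as root; the set name and the timeout are arbitrary.

: "${SET_NAME:=blocklist}"   # name of the ipset holding blocked addresses
: "${TIMEOUT:=3600}"         # seconds an entry lives before ipset removes it

# run CMD...: execute the command, or only print it when DRY_RUN is set so the
# generated commands can be reviewed without root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# is_ipv4 ADDR: return 0 for a dotted-quad IPv4 address, 1 otherwise.
# Rejects anything but digits and dots first, so no shell metacharacters
# from an untrusted list ever reach ipset.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|'') return 1 ;;      # only digits and dots allowed
        *..*|.*|*.)   return 1 ;;      # no empty octets, no leading/trailing dot
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                          # split on dots (safe: digits/dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# setup_blocklist: create the set (idempotent via -exist) and insert the
# single DROP rule that matches every address currently in it.
setup_blocklist() {
    run ipset -exist create "$SET_NAME" hash:ip timeout "$TIMEOUT"
    # -C tests whether the rule already exists; the check is skipped in
    # dry-run mode, where nothing is installed anyway.
    if [ -n "${DRY_RUN:-}" ] || \
       ! iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null
    then
        run iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
    fi
}

# block_addresses: read one address per line on stdin (blank lines and '#'
# comments ignored), validate each, and add it to the set.  Re-adding an
# address refreshes its timeout instead of failing, thanks to -exist.
block_addresses() {
    while IFS= read -r line; do
        addr=${line%%#*}                          # strip trailing comment
        addr=$(echo "$addr" | tr -d ' \t')        # strip whitespace
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            run ipset -exist add "$SET_NAME" "$addr"
        else
            echo "skipping invalid address: $addr" >&2
        fi
    done
    return 0
}

# Demo (constructed sample input, guarded so sourcing the file does nothing):
#   RUN_DEMO=1 DRY_RUN=1 sh block.sh     prints the commands instead of running them
if [ -n "${RUN_DEMO:-}" ]; then
    setup_blocklist
    printf '192.0.2.10\n198.51.100.7  # second offender\nnot-an-ip\n' | block_addresses
fi
```

Run it once with DRY_RUN=1 to see the two setup commands and one "ipset
add" per valid address; without DRY_RUN it applies them. Because the match
is a set lookup, the INPUT chain keeps one rule whether 150 or 15,000
addresses are in the set, and each entry drops out after the timeout, which
is the automatic expiry the reply suggests. The same expiry effect can be
had with the iptables "recent" match if ipset is not available.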


More information about the Kclug mailing list