[plug] limits for the number of rules in iptables
William Kenworthy
billk at iinet.net.au
Fri Aug 20 06:39:34 WST 2004
Does anyone know the practical limits for the number of rules to have in
iptables? I am blackholing every (well, most, don't want to DoS myself!)
IP that probes my gateway on tripwired ports. After a couple of days, I
have over a thousand going to the bitbucket under the desk. After about
600 DROPs, the logs noticeably cleaned up and no longer look like www3.
There doesn't seem to be any real effect on lag so far, but at some
threshold, I think I'll want to have the oldest rules fall out.
BillK
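One way to make the oldest blackhole rules fall out once a threshold is reached, as an added example that is not part of the original post: rules added with `-A` land at the end of the chain, so the oldest single-host DROPs sit at the top and can be retired by chain position. The cap of 600, the function names and the sample `iptables -S INPUT` listing below are assumptions/constructed for the example.

```shell
#!/bin/sh
# Cap on single-host "-s <ip> -j DROP" rules kept in INPUT (assumed value).
MAX_DROPS=${MAX_DROPS:-600}

# Read `iptables -S INPUT` output on stdin and print the chain positions
# (1-based, highest first) of the oldest single-host DROP rules that push
# the count above $1. Highest-first so that deleting them one by one does
# not renumber the positions still to be deleted. Prints nothing when the
# count is within the cap.
prune_positions() {
    awk -v max="$1" '
        /^-A INPUT /                                  { pos++ }
        /^-A INPUT -s [0-9.]+(\/[0-9]+)? -j DROP$/    { drop[++n] = pos }
        END {
            excess = n - max
            for (i = excess; i >= 1; i--)
                printf "%s%s", drop[i], (i > 1 ? " " : "\n")
        }'
}

# Live version: needs root and a real iptables; not run when this file is
# sourced. Deletes by position, highest first, as computed above.
prune_oldest_drops() {
    for p in $(iptables -S INPUT | prune_positions "$MAX_DROPS"); do
        iptables -D INPUT "$p"
    done
}

# Constructed sample listing, standing in for `iptables -S INPUT`.
# Positions: lo=1, 10.0.0.1=2, 10.0.0.2=3, state=4, 10.0.0.3=5, 10.0.0.4=6
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.1/32 -j DROP
-A INPUT -s 10.0.0.2/32 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.3/32 -j DROP
-A INPUT -s 10.0.0.4/32 -j DROP'

# With a cap of 2, the two oldest DROPs (positions 3 and 2) are retired.
printf '%s\n' "$SAMPLE_RULES" | prune_positions 2
```

Run `prune_oldest_drops` from cron once the chain grows past the cap; the ACCEPT and state rules are never touched because only `-s <ip> -j DROP` lines are counted.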