[plug] limits for the number of rules in iptables
Mark J Gaynor
mark at mjg.id.au
Fri Aug 20 11:08:05 WST 2004
Have you looked at making "drop everything" your default rule, so that
your rules then become what you want to come through?
Mark
--
*********** REPLY SEPARATOR ***********
On 20/08/2004 at 6:39 AM William Kenworthy wrote:
>Does anyone know the practical limits for the number of rules to have in
>iptables? I am blackholing every (well most, don't want to DoS myself!)
>IP that probes my gateway on tripwired ports. After a couple of days, I
>have over a thousand going to the bitbucket under the desk. After about
>600 DROPs, the logs noticeably cleaned up and no longer look like www3
>
>There doesn't seem to be any real effect on lag so far, but at some
>threshold, I think I'll want to have the oldest rules fall out.
>
>BillK
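Added example, not from either poster: a small script for the "oldest rules fall out" idea, built on the default-drop layout Mark suggests. It reads an `iptables -S INPUT` style listing (a constructed sample is embedded; it assumes the blackhole rules were appended with -A, so listing order is age order) and prints the `iptables -D` commands that would remove the oldest single-host DROP rules beyond a cap, without touching the firewall itself.

```shell
#!/bin/sh
# Print the `iptables -D CHAIN N` commands that trim the oldest
# "-s host/32 -j DROP" rules so at most $1 remain in chain $2.
# Input on stdin: output of `iptables -S CHAIN` (assumed -A order = age order).
# Deletes are emitted highest rule number first, so executing them in
# order does not renumber the rules still to be deleted.
prune_drop_rules() {
    keep="$1"
    chain="$2"
    awk -v keep="$keep" -v chain="$chain" '
        # every -A line for this chain advances the rule number (1-based)
        $1 == "-A" && $2 == chain { n++ }
        # a blackhole rule looks like: -A CHAIN -s a.b.c.d/32 -j DROP
        $1 == "-A" && $2 == chain && $3 == "-s" && $(NF-1) == "-j" && $NF == "DROP" {
            num[++d] = n
        }
        END {
            excess = d - keep
            if (excess <= 0) exit
            # num[1..excess] are the oldest; emit them newest-first
            for (i = excess; i >= 1; i--)
                printf "iptables -D %s %d\n", chain, num[i]
        }'
}

# Constructed sample listing: default-deny policy, a few accepts,
# and four blackholed hosts (rule numbers 3 to 6).
SAMPLE_RULES=$(cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 192.0.2.11/32 -j DROP
-A INPUT -s 192.0.2.12/32 -j DROP
-A INPUT -s 192.0.2.13/32 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
)

# Keep only the two newest blackholes: prints "iptables -D INPUT 4" then "... 3".
printf '%s\n' "$SAMPLE_RULES" | prune_drop_rules 2 INPUT
```

Review the printed commands before piping them to `sh`; on a live box, `iptables -S INPUT | prune_drop_rules 500 INPUT` gives you the trim list for a 500-rule cap.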