iptables limitations

Jim Pazarena

Oct 22, 2011, 1:50:02 PM
I have been using debian as a border router, and using
iptables to "drop" connections to various IPs which hit my honeypot.

I am wondering, if there is a point where too many iptables rules
impede the speed of the network?

How many "drops" can I entertain, before I should look at some
other method of firewall blocking?

What method(s) are available?

Thanks!


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4EA2FFDE...@paz.bz

Raf Czlonka

Oct 28, 2011, 10:00:02 AM
On Sat, Oct 22, 2011 at 06:39:42PM BST, Jim Pazarena wrote:
> I have been using debian as a border router, and using
> iptables to "drop" connections to various IPs which hit my honeypot.
>
> I am wondering, if there is a point where too many iptables rules
> impede the speed of the network?
>
> How many "drops" can I entertain, before I should look at some
> other method of firewall blocking?

It shouldn't matter.
Set your default policy to DROP and allow only the ones you need.

Regards,
--
Raf


--
Archive: http://lists.debian.org/20111028135...@linuxstuff.pl
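
The default-DROP approach suggested in the reply above, sketched as an added example that is not part of the original thread: a shell function that emits a ruleset in `iptables-restore` format whose size depends only on the services allowed, not on how many hostile addresses have been seen. The interface names (`eth0`, `eth1`) and port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and ports are
# assumptions for illustration only.

# build_ruleset LAN_IF WAN_IF PORT...
# Prints a filter table in iptables-restore format: default policy DROP on
# INPUT and FORWARD, then one ACCEPT rule per service that is needed.
build_ruleset() {
    lan_if=$1; wan_if=$2; shift 2

    # Validate every port before emitting anything, so a typo never
    # produces a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1
        }
    done

    echo '*filter'
    # Anything not explicitly accepted below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections already tracked match here, early in the chain.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Routed traffic: inside hosts may open connections outward; only
    # replies are allowed back in.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# Print the ruleset for a constructed setup: LAN on eth1, WAN on eth0,
# SSH and HTTPS reachable on the router itself.
build_ruleset eth1 eth0 22 443
```

To check the output without loading it, pipe it to `iptables-restore --test` as root; dropping `--test` loads the whole table in a single operation.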