Re: Optimizing Kernel for huge iptables ruleset

To: debian-firewall@lists.debian.org
Subject: Re: Optimizing Kernel for huge iptables ruleset
From: "Michael" <michael@etalon.net>
Date: Tue, 19 Oct 2004 08:28:55 -0700
Message-id: <[🔎] 20041019152704.M98186@etalon.net>
In-reply-to: <[🔎] 417502B0.9090004@gmx.net>
References: <[🔎] 417502B0.9090004@gmx.net>

On Tue, 19 Oct 2004 14:04:00 +0200, Martin G.H. Minkler wrote
> Alohá!
> 
> The situation:
> 
> AMD 1600 XP w/ 640 MB RAM @ 100MHZ FSB, one 3COM 905B eth1 connected 
> to LAN, one 3COM 905C connected to ADSL Modem (1024/128 line).
> 
> Two iptables rulesets:
> The first 'normal' ruleset is pretty restrictive against connetions 
> from the outside, more or less open towards connections opened from 
> the LAN. The second ruleset inserted after the first is a huge IP 
> blacklist 
> (1.4MB iptables script!) that takes nearly half an hour to be 
> inserted into the running ruleset.

Hi,
I don't quite understand your exact setup, but what about
blocking everything and only allow what you want?

Mike

Reply to:

References:
- Optimizing Kernel for huge iptables ruleset
  - From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>

Prev by Date: Re: Optimizing Kernel for huge iptables ruleset
Next by Date: iptables -A or iptables -I?
Previous by thread: Re: Optimizing Kernel for huge iptables ruleset
Next by thread: Re: Optimizing Kernel for huge iptables ruleset
Index(es):
- Date
- Thread