Problem with high load on Xeon server...
Richard Tector
richardtector at thekeelecentre.com
Sun May 1 08:28:01 PDT 2005
>Why 60,000 IP's you ask... These boxes are high traffic mail servers, and
>I've got an extensive sendmail access file. I wanted to keep the servers
>from handling so much spam by blocking the IP's of relays that failed the
>access list relay check.
>Over about one week, I have 60,000+ unique IP addresses from my logs.
You might want to consider using pf which has extensive table support. I'm
not sure what the limits are on the table size, but you simply add another.
This means a minimal ruleset and table lookups are orders of magnitude
faster than rule processing.
Ipfw now has table support. In 5.3+ at least. I don't know how quick these
are in comparison to pf however.
The only problem with using pf is you'd ideally need to upgrade to 5.3 or
above. Perhaps rig up another box to try it on?
Regards,
Richard Tector
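
The table approach suggested above, sketched as an added example that is not part of the original message: a shell function pulls the unique relay addresses of "Relaying denied" rejections out of a sendmail log so they can be loaded into one pf table instead of one rule per address. The log lines are constructed samples, and the table name `spamrelays` and the path `/etc/pf.spamrelays` are assumptions.

```shell
#!/bin/sh
# Added example: build a pf table file from sendmail relay rejections.
# Table name <spamrelays> and /etc/pf.spamrelays are assumed names.

# Read a sendmail log on stdin and print the unique IPv4 addresses of
# relays whose delivery attempt was rejected with "Relaying denied".
extract_relay_ips() {
    grep 'Relaying denied' |
    sed -n 's/.*relay=[^,]*\[\([0-9.][0-9.]*\)\].*/\1/p' |
    sort -u
}

# Constructed sample log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
May  1 08:01:12 mx1 sendmail[4021]: j41F1Cx4004021: ruleset=check_rcpt, arg1=<a@example.org>, relay=host1.example.net [192.0.2.15], reject=550 5.7.1 <a@example.org>... Relaying denied
May  1 08:01:40 mx1 sendmail[4033]: j41F1ex4004033: ruleset=check_rcpt, arg1=<b@example.org>, relay=[198.51.100.7], reject=550 5.7.1 <b@example.org>... Relaying denied
May  1 08:02:03 mx1 sendmail[4040]: j41F23x4004040: from=<c@example.com>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [203.0.113.9]
May  1 08:02:30 mx1 sendmail[4051]: j41F2Ux4004051: ruleset=check_rcpt, arg1=<d@example.org>, relay=host1.example.net [192.0.2.15], reject=550 5.7.1 <d@example.org>... Relaying denied
EOF
}

# pf.conf: one table and one rule, however many addresses are listed:
#   table <spamrelays> persist file "/etc/pf.spamrelays"
#   block in quick proto tcp from <spamrelays> to any port smtp
#
# Refresh the loaded table without reloading the ruleset:
#   extract_relay_ips < /var/log/maillog > /etc/pf.spamrelays
#   pfctl -t spamrelays -T replace -f /etc/pf.spamrelays

# Stand-alone run on the sample: the accepted message from 203.0.113.9
# is ignored and the repeated 192.0.2.15 is listed once.
sample_log | extract_relay_ips
```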