Problem with high load on Xeon server...
Chuck Rock
carock at epconline.com
Sun May 1 09:10:36 PDT 2005
I'm still thinking the bridge firewall is the best route since I can
affect all of my inbound servers at one point instead of loading up the
rules on each individual server.
I will look into the pf solution.
Thanks,
Chuck
On Sun, 1 May 2005, Richard Tector wrote:
> >Why 60,000 IPs you ask... These boxes are high traffic mail servers, and
> >I've got an extensive sendmail access file. I wanted to keep the servers
> >from handling so much spam by blocking the IPs of relays that failed the
> >access list relay check.
>
> >Over about one week, I have 60,000+ unique IP addresses from my logs.
>
>
> You might want to consider using pf which has extensive table support. I'm
> not sure what the limits are on the table size, but you simply add another.
> This means a minimal ruleset and table lookups are orders of magnitude
> faster than rule processing.
>
> Ipfw now has table support. In 5.3+ at least. I don't know how quick these
> are in comparison to pf however.
>
> The only problem with using pf is you'd ideally need to upgrade to 5.3 or
> above. Perhaps rig up another box to try it on?
>
> Regards,
>
> Richard Tector
>
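
The table approach suggested in the quoted reply, sketched as an added example that is not part of the original thread: a shell script that turns sendmail relay rejections into a pf table file, so one rule covers every address. The "Relaying denied" log wording, the file paths, the table name `spammers` and the allowlist are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: build a pf table file from sendmail relay rejections.
# Assumed, not from the thread: log wording, paths, table name, allowlist.

# Constructed sample maillog lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
May  1 09:00:01 mx1 sendmail[811]: j41G01aa000811: ruleset=check_rcpt, arg1=<a@example.net>, relay=host1.example.com [192.0.2.10], reject=550 5.7.1 <a@example.net>... Relaying denied
May  1 09:00:07 mx1 sendmail[812]: j41G07ab000812: ruleset=check_rcpt, arg1=<b@example.net>, relay=[198.51.100.7], reject=550 5.7.1 <b@example.net>... Relaying denied
May  1 09:00:09 mx1 sendmail[811]: j41G09ac000811: ruleset=check_rcpt, arg1=<c@example.net>, relay=host1.example.com [192.0.2.10], reject=550 5.7.1 <c@example.net>... Relaying denied
May  1 09:01:12 mx1 sendmail[820]: j41G1Cad000820: from=<d@example.org>, size=912, nrcpts=1, relay=good.example.org [203.0.113.5]
May  1 09:02:30 mx1 sendmail[833]: j41G2Uae000833: ruleset=check_rcpt, arg1=<e@example.net>, relay=bogus [999.1.1.1], reject=550 5.7.1 <e@example.net>... Relaying denied
May  1 09:03:02 mx1 sendmail[840]: j41G32af000840: ruleset=check_rcpt, arg1=<f@example.net>, relay=backup-mx.example.net [203.0.113.25], reject=550 5.7.1 <f@example.net>... Relaying denied
EOF
}

# Hosts that log-derived data must never lock out (hypothetical backup MX).
ALLOWLIST="203.0.113.25 127.0.0.1"

# stdin: maillog; stdout: unique, valid, non-allowlisted IPv4 addresses.
extract_relay_denied_ips() {
    grep 'Relaying denied' |
    sed -n 's/.*relay=[^[]*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*/\1/p' |
    awk -F. -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && !($0 in skip)' |
    LC_ALL=C sort -u
}

# Write the table file atomically so pf never loads a half-written list.
write_table_file() {  # $1 = maillog path, $2 = table file path
    tmp="$2.tmp.$$"
    extract_relay_denied_ips < "$1" > "$tmp" && mv "$tmp" "$2"
}

# pf.conf side, one rule however many addresses the file holds:
#   table <spammers> persist file "/etc/pf.spammers"
#   block in quick proto tcp from <spammers> to any port smtp
# Refresh the table without reloading the ruleset:
#   pfctl -t spammers -T replace -f /etc/pf.spammers

sample_log | extract_relay_denied_ips
```

The allowlist matters because the blocklist is derived from log fields that remote senders influence; keep your own relays and monitoring hosts in it.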