how many IPFW rules?

Nikos Vassiliadis nvass at teledomenet.gr
Wed Oct 31 00:49:02 PDT 2007


On Tuesday 30 October 2007 22:57:31 eBoundHost: Artur wrote:
> Hello FreeBSD people!
>
> I have a smtp server under attack by what seems like a large botnet.  My
> inetd is choking under the load and not allowing real mail through. 
> I've successfully used tshark to find the offenders and put them into
> ipfw firewall for port 25.
>
> So here is my question, I'm currently blocking 55,529 ip addresses and
> the server seems pretty snappy, with no noticeable load or lag.  How many
> more rulesets will I be able to handle before things start getting
> fuzzy?

Do you use 55,529 rules? Well, if you do, stop doing it :)
There is a solution designed for large sets of addresses,
so you better use it. Search the ipfw manual page for "lookup table".

Apparently, there is no problem doing it the way you do it
for your load, but tables are designed for such situations
and should be more appropriate and lightweight.

Nikos
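As an added illustration of the lookup-table approach Nikos points to (this script is not from the thread and not from the ipfw project), the following sh script turns a blocklist file into ipfw commands that load every address into a single table and install one rule that denies SMTP from anything in that table, instead of one rule per address. It assumes the classic ipfw syntax "ipfw table N add ADDR" and "table(N)" inside a rule body, table number 1 and rule number 100 are arbitrary choices, and the embedded sample blocklist is constructed from documentation-range addresses. By default the commands are only printed; set APPLY=1 to execute them on a FreeBSD host.

```shell
#!/bin/sh
# Added example: collapse a large SMTP blocklist into one ipfw lookup table.
# Assumptions: classic ipfw table syntax, table number 1, rule number 100.
# Usage: ./ipfw-table.sh [blocklist.txt]   (prints commands)
#        APPLY=1 ./ipfw-table.sh blocklist.txt   (runs them via sh -e)

TABLE=1            # lookup table number (assumption)
RULE=100           # rule number for the single deny rule (assumption)
BLOCKLIST=${1:-blocklist.txt}

# Constructed sample blocklist, used when no readable file is given so the
# script runs offline: one IPv4 address or CIDR per line, '#' comments allowed.
sample_blocklist() {
    cat <<'EOF'
# constructed sample offenders (RFC 5737 documentation ranges)
192.0.2.10
198.51.100.0/24
203.0.113.77

# a duplicate, to show that the cleaning step removes it
192.0.2.10
EOF
}

# Normalise stdin: drop comments and blanks, keep only IPv4 address/CIDR
# tokens, and remove duplicates so the table receives each entry once.
clean_blocklist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
      | sort -u
}

# Number of usable entries on stdin (reported to the operator and checked
# by the test).
count_entries() {
    clean_blocklist | wc -l | tr -d ' '
}

# Emit the ipfw commands for the blocklist on stdin: empty the table, add
# each entry, then replace the one rule that rejects SMTP from the table.
# The delete is tolerated when the rule does not exist yet, so the script
# can be re-run whenever the blocklist changes.
gen_ipfw_commands() {
    echo "ipfw table $TABLE flush"
    clean_blocklist | while read -r entry; do
        echo "ipfw table $TABLE add $entry"
    done
    echo "ipfw delete $RULE 2>/dev/null || true"
    echo "ipfw add $RULE deny tcp from 'table($TABLE)' to me 25"
}

# Top level: choose the input, then print or apply the generated commands.
if [ -r "$BLOCKLIST" ]; then
    input="cat $BLOCKLIST"
else
    input=sample_blocklist
fi
echo "# $($input | count_entries) entries will go into table $TABLE" >&2
if [ "${APPLY:-0}" = 1 ]; then
    $input | gen_ipfw_commands | sh -e
else
    $input | gen_ipfw_commands
fi
```

Rule 100 must sit ahead of whatever rule currently accepts port 25, and one table lookup replaces a linear walk through tens of thousands of rules; re-running the script after editing the blocklist flushes and reloads the table without touching the rest of the ruleset.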

