machine hangs on occasion - correlated with ssh break-in attempts

security security at jim-liesl.org
Thu Aug 21 21:37:34 UTC 2008


Mikhail Teterin wrote:
> Neil Neely wrote:
>> I haven't explored this issue enough to speak with any authority - 
>> but once upon a time I had an app doing tons of ipfw rule add/removes 
>> all the time and we had no end of performance and stability problems 
>> on that box (this would have been in 4.x or so timeline I expect).  
>> As that approach wasn't really critical we abandoned it without 
>> really digging into the details.
>>
>> Years later a need for lots of rapid firewall changes came up again 
>> and I drilled into it and found the use of tables was excellent for 
>> doing this and it does the job very well.  This approach is on a 
>> FreeBSD 6.3 box.
>>
>> ipfw add 00550 deny ip from 'table(1)' to any
>>
>> Then just add/remove entries to table 1 via:
>> ipfw table 1 add 10.1.1.22/32
>> ipfw table 1 delete 10.1.1.22/32
>>
>> show all entries in table 1 with:
>> ipfw table 1 list
>>
>> Clear out the whole of table 1
>> ipfw table 1 flush
>>
>> I can't be sure if this relates to your particular issue, but I would 
>> recommend trying it out.
> Thanks! I was not even aware of this functionality... Yes, I'll try 
> that -- maybe, a bug in ipfw only hits once per 1000 invocations :-)
>
>    -mi
blocksshd uses pf and a table to contain the addresses.  You might want 
to check it out.
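As an added example, not code from either poster or from blocksshd: a small POSIX sh script that does what the thread describes end to end. It counts "Failed password" lines per source address in sshd log output and emits the table-manipulation commands for the quoted ipfw approach (table 1 behind a single `deny ip from 'table(1)' to any` rule) and for the pf-table approach the reply mentions. The log lines are constructed, the threshold of 3 is an assumed value, and the pf table name `bruteforce` is an assumption (blocksshd's own table name may differ). The commands are printed rather than executed so the script runs anywhere; on the firewall host you would pipe its output into sh.

```shell
#!/bin/sh
# Added example, not code from the mailing-list posters or from blocksshd:
# count "Failed password" lines per source address in sshd log output and
# emit the ipfw table (or pf table) commands that would block offenders.
# The commands are printed rather than executed so the script runs anywhere;
# pipe the output into sh on the firewall host.

# Constructed sample log lines (not a real capture). On FreeBSD you would
# replace this with e.g. `tail -n 500 /var/log/auth.log`.
SAMPLE_LOG='Aug 21 21:30:01 gw sshd[1234]: Failed password for invalid user admin from 10.1.1.22 port 4022 ssh2
Aug 21 21:30:03 gw sshd[1234]: Failed password for invalid user admin from 10.1.1.22 port 4023 ssh2
Aug 21 21:30:05 gw sshd[1236]: Failed password for root from 10.1.1.22 port 4025 ssh2
Aug 21 21:30:09 gw sshd[1238]: Failed password for root from 10.1.1.22 port 4030 ssh2
Aug 21 21:31:10 gw sshd[1240]: Failed password for invalid user oracle from 192.0.2.77 port 51022 ssh2
Aug 21 21:31:11 gw sshd[1240]: Failed password for invalid user oracle from 192.0.2.77 port 51022 ssh2
Aug 21 21:31:12 gw sshd[1241]: Failed password for invalid user test from 192.0.2.77 port 51030 ssh2
Aug 21 21:32:00 gw sshd[1250]: Failed password for jim from 203.0.113.5 port 40100 ssh2
Aug 21 21:32:04 gw sshd[1250]: Accepted publickey for jim from 203.0.113.5 port 40100 ssh2'

THRESHOLD=3          # failures before an address is blocked (assumed value)
IPFW_TABLE=1         # the table number used in the quoted ipfw rule
PF_TABLE=bruteforce  # assumed pf table name; blocksshd's own name may differ

# offenders: read log text on stdin, print each source address with at
# least THRESHOLD failed logins, one per line, sorted. Successful logins
# and anything that is not an sshd "Failed password" line are ignored.
offenders() {
    awk -v t="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the field right after the literal "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print ip }
    ' | sort
}

# ipfw_block_cmds: one "ipfw table N add" per offender. The deny rule itself
# (ipfw add 00550 deny ip from 'table(1)' to any) is installed once; only the
# table contents change afterwards, which is the point of the quoted advice.
ipfw_block_cmds() {
    printf '%s\n' "$SAMPLE_LOG" | offenders | while read -r ip; do
        printf 'ipfw table %s add %s/32\n' "$IPFW_TABLE" "$ip"
    done
}

# pf_block_cmds: the pf equivalent, for a pf.conf that contains
#   table <bruteforce> persist
#   block in quick from <bruteforce>
pf_block_cmds() {
    printf '%s\n' "$SAMPLE_LOG" | offenders | while read -r ip; do
        printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$ip"
    done
}

# Stand-alone run: show what would be blocked with ipfw.
ipfw_block_cmds
```

Two practical caveats before wiring something like this into cron: add your own management addresses to an allow rule that precedes the deny rule, since a typo-prone admin is the easiest way to lock yourself out, and remember that table entries accumulate until you remove them (`ipfw table 1 delete` or `ipfw table 1 flush` as quoted above; pf can age them out with `pfctl -t bruteforce -T expire SECONDS`).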
