LinuxQuestions.org


jhwilliams 01-31-2009 12:00 PM

iptables DROP, performance effect with n lines?
 
Hi,

The method I've employed to protect my server is to add a -s INPUT $IPADDR -j DROP line to my iptables for each IP address that I see doing suspicious things in my logs. This list is growing. I am wondering if anyone has a better solution -- but particularly, I am wondering if this will really start to slow things down as the list gets longer. 100 hosts, 1000 hosts, 10,000 hosts? Any experience?

Thanks,
Jameson

repo 02-01-2009 04:49 AM

What suspicious things?

You can use fail2ban, which will block these IPs for a certain time after a certain number of attempts,
or you can use iptables to do the same.

For ssh:

Code:

IPT=/sbin/iptables   # path to the iptables binary; the rules below assume this variable is set
# user-defined chain that rate-limits new SSH connections per source address
$IPT -N SSH_CHECK
# send every NEW TCP connection to port 22 through SSH_CHECK
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# record the source address, with a timestamp, in the "SSH" recent list
$IPT -A SSH_CHECK -m recent --set --name SSH
# drop the connection if this source has been seen 4 or more times in the last 60 seconds
$IPT -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
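
To make the counting behind the two `-m recent` rules above concrete, here is an added Python model of the SSH_CHECK chain (not code from the thread or from iptables itself); the 60 s / 4-hit constants mirror the rules, while the 20-stamp cap and the sample connection sequence are assumptions.

```python
from collections import defaultdict, deque

# Constructed model of the SSH_CHECK chain above: `-m recent --set` records a
# timestamp per NEW connection; `-m recent --update --seconds 60 --hitcount 4`
# matches (and drops) once a source has 4 or more timestamps in the last 60 s.
# Assumed simplification: one timestamp per packet; real xt_recent keeps only
# the last ip_pkt_list_tot (default 20) stamps per address.
SECONDS, HITCOUNT, MAX_STAMPS = 60, 4, 20

class RecentTable:
    """Per-source timestamp lists keyed by address, like xt_recent's hash table."""
    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT, max_stamps=MAX_STAMPS):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=max_stamps))

    def set(self, src, now):
        # `--set`: add (or refresh) the source and record this packet's timestamp
        self.stamps[src].append(now)

    def update_matches(self, src, now):
        # `--update --seconds N --hitcount M`: true when the source has at least M
        # timestamps within the last N seconds, counting this packet's own stamp
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= self.seconds)
        return hits >= self.hitcount

def ssh_check(table, src, now):
    """Verdict for one NEW SYN to port 22 walking the SSH_CHECK chain."""
    table.set(src, now)                  # rule 1: -m recent --set --name SSH
    if table.update_matches(src, now):   # rule 2: -m recent --update ... -j DROP
        return "DROP"
    return "ACCEPT"                      # no match: fall through to the rest of INPUT

def run(events):
    """events: list of (seconds_since_start, source_ip); returns one verdict each."""
    table = RecentTable()
    return [ssh_check(table, src, t) for t, src in events]

# Constructed sample: 203.0.113.7 hammers sshd, 198.51.100.9 logs in twice.
SAMPLE = [(0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
          (12, "198.51.100.9"), (15, "203.0.113.7"), (20, "203.0.113.7"),
          (90, "198.51.100.9"), (100, "203.0.113.7")]

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"t={t:3d}s {src:14} {verdict}")
```

The fourth attempt inside 60 s is dropped while the legitimate host is never touched; because the recent list is a per-address hash table, this lookup does not get slower as the number of offending hosts grows, unlike a long chain of per-host `-j DROP` rules that is walked linearly.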


