jhwilliams 01-31-2009 01:00 PM

iptables DROP, performance effect with n lines?

The method I've employed to protect my server is to add a -A INPUT -s $IPADDR -j DROP line to my iptables for each IP address that I see doing suspicious things in my logs. This list is growing. I am wondering if anyone has a better solution -- but particularly, I am wondering if this will really start to slow things down as the list gets longer. 100 hosts, 1000 hosts, 10,000 hosts? Any experience?

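A way to keep a list like this manageable, as an added example for this thread (not code from either poster): keep the addresses in a text file, and generate an iptables-restore ruleset that puts every DROP into a dedicated chain. The whole list is then replaced atomically by one iptables-restore run instead of one iptables call per address, duplicates and adjacent ranges are merged before loading, and the main INPUT chain only needs a single jump rule. The chain name BLOCKLIST and the sample addresses (documentation ranges) are assumptions made for the demonstration.

```python
"""Turn a growing text blocklist into an iptables-restore ruleset.

Added example for this thread, not code from either poster.  The chain name
BLOCKLIST and the sample addresses (RFC 5737 / RFC 3849 documentation ranges)
are assumptions made for the demonstration.
"""
import ipaddress
import sys

# Constructed sample blocklist: one address or CIDR per line, '#' starts a comment.
SAMPLE_BLOCKLIST = """\
# hosts seen brute-forcing sshd
203.0.113.5
203.0.113.6
203.0.113.7
203.0.113.7          # duplicate on purpose
198.51.100.0/25
198.51.100.128/25    # adjacent halves, merge into 198.51.100.0/24
2001:db8::bad
not-an-address       # junk line, must be skipped
"""


def parse_blocklist(text):
    """Return (ipv4_nets, ipv6_nets): parsed, deduplicated, adjacent ranges merged.

    Fewer networks means fewer rules to walk for every packet that reaches
    the chain, so merging is worth doing before loading.
    """
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # skip junk rather than abort the whole reload
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    return v4, v6


def render_rules(nets, chain="BLOCKLIST"):
    """Render an iptables-restore fragment (filter table) with one DROP per network.

    The DROPs live in their own chain, so INPUT keeps a single jump rule and
    the whole list is replaced in one atomic iptables-restore instead of one
    iptables call per address.
    """
    lines = ["*filter", ":%s - [0:0]" % chain]
    lines += ["-A %s -s %s -j DROP" % (chain, n.with_prefixlen) for n in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ipv4, ipv6 = parse_blocklist(SAMPLE_BLOCKLIST)
    # IPv4 and IPv6 are separate tables: feed the first to iptables-restore,
    # the second to ip6tables-restore.
    sys.stdout.write(render_rules(ipv4))
    sys.stderr.write(render_rules(ipv6))
```

Load the IPv4 output with `iptables-restore --noflush < rules.v4` (and the IPv6 output with ip6tables-restore); with --noflush the `:BLOCKLIST` line creates the chain on the first load and flushes it on later loads, so a reload replaces the old list without touching the rest of the table. Add the jump once by hand, `iptables -I INPUT -j BLOCKLIST`, and put it after the usual `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule: the chain is a linear scan, every packet that enters it walks the rules until one matches, so packets from hosts that are not blocked pay for all n rules, and placing the jump after the state rule means only connection-opening packets pay that cost. Once the list reaches the tens of thousands the usual next step is ipset (a hash:net set matched by a single `-m set --match-set` rule), which replaces the linear walk with a hash lookup.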

repo 02-01-2009 05:49 AM

What suspicious things?

You can use fail2ban, which will block these IPs for a certain time after a certain number of attempts,
or you can use iptables to do the same.

For SSH:


# the SSH_CHECK chain has to exist before INPUT can jump to it
$IPT -N SSH_CHECK
# every new SSH connection goes through the SSH_CHECK chain
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# record the source address in the "SSH" recent list
$IPT -A SSH_CHECK -m recent --set --name SSH
# 4 or more new connections from the same address within 60 seconds: drop
$IPT -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP


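To see what the --set / --update --seconds 60 --hitcount 4 pair in the post above actually does over time, here is an added example (not the poster's code) that replays a constructed list of SSH connection attempts through the same logic in Python. It is a simplification of xt_recent: one timestamp per packet (the kernel records a second one when an --update rule matches), and the addresses and timings are made up for the demonstration. Note the practical consequences it makes visible: the 4th attempt inside the window is dropped, not the 5th; an attacker who keeps retrying stays blocked because every attempt refreshes the window; and a legitimate user who opens several sessions within a minute (a scp loop, for instance) is treated exactly the same way.

```python
"""Replay SSH connection attempts through the -m recent logic of the rules above.

Added example for this thread, not the poster's code.  It mimics xt_recent's
--set / --update --seconds 60 --hitcount 4 behaviour in Python so the timing
rules can be checked against a constructed event list; the simplification
(one timestamp per packet) and the sample addresses are assumptions.
"""
from collections import defaultdict, deque

ACCEPT, DROP = "ACCEPT", "DROP"


class RecentGate:
    """One named 'recent' list plus the SET-then-UPDATE rule pair."""

    def __init__(self, seconds=60, hitcount=4, list_tot=20):
        self.seconds = seconds      # --seconds
        self.hitcount = hitcount    # --hitcount (must not exceed list_tot)
        self.list_tot = list_tot    # xt_recent ip_pkt_list_tot default: 20 stamps per address
        self.stamps = defaultdict(deque)

    def new_connection(self, src, now):
        """Verdict for a NEW-state packet from src at time now (seconds)."""
        st = self.stamps[src]
        st.append(now)                    # --set: add/refresh the entry with this hit
        if len(st) > self.list_tot:
            st.popleft()                  # the kernel keeps a bounded ring of stamps
        # --update --seconds S --hitcount N: match when N or more hits fall in the window
        recent_hits = sum(1 for t in st if now - t <= self.seconds)
        return DROP if recent_hits >= self.hitcount else ACCEPT


# Constructed timeline: (time, source). 10.0.0.9 hammers sshd, 192.0.2.10 is a normal user.
EVENTS = [
    (0, "10.0.0.9"), (5, "192.0.2.10"), (10, "10.0.0.9"), (20, "10.0.0.9"),
    (30, "10.0.0.9"),                    # 4th attempt inside 60 s
    (45, "10.0.0.9"), (70, "10.0.0.9"),  # keeps trying: every try refreshes the window
    (200, "10.0.0.9"),                   # quiet for > 60 s, so the entry no longer matches
    (205, "192.0.2.10"),
]


def replay(events, seconds=60, hitcount=4):
    """Run every event through one gate and return (time, source, verdict) triples."""
    gate = RecentGate(seconds, hitcount)
    return [(t, src, gate.new_connection(src, t)) for t, src in events]


if __name__ == "__main__":
    for t, src, verdict in replay(EVENTS):
        print("t=%4ds %-12s %s" % (t, src, verdict))
```

The INPUT rule only sends NEW-state packets into SSH_CHECK, so established sessions never add hits; only connection openings count. If you raise --hitcount, remember the kernel refuses a value larger than ip_pkt_list_tot (20 by default), since that is how many timestamps it keeps per address.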