iptables DROP, performance effect with n lines?
Hi,
The method I've employed to protect my server is to add a -s INPUT $IPADDR -j DROP line to my iptables for each IP address that I see doing suspicious things in my logs. This list is growing. I am wondering if anyone has a better solution -- but particularly, I am wondering if this will really start to slow things down as the list gets longer. 100 hosts, 1000 hosts, 10,000 hosts? Any experience?
Thanks,
Jameson