[ale] iptables limits?
Jim Popovitch
jimpop at yahoo.com
Thu Jun 2 17:30:56 EDT 2005
On Thu, 2005-06-02 at 17:08 -0400, Christopher Fowler wrote:
> Da*n. Why so many rules?
I religiously block IPs that exhibit strange behavior (port scans, spam,
formmail, x90, etc.), and I have iptables rules to LOG further attempts
(it all adds up). I divide the blocks up between ALL, HTTP, and SMTP, so
someone that port maps a mailserver can still visit websites, and
someone who bongs a webserver can still send good email. The ALL list
is derived from bot reports, etc.
As of this point in time here are copies of the lists:
http://jimpop.net/stuff/block-all
http://jimpop.net/stuff/block-http
http://jimpop.net/stuff/block-smtp
I have yet to hear one complaint from any user that I have blocked a
legitimately used IP address.
Here's a script that I use to pull data out of apache logs and spit out
a list of IP addresses to HTTP block.
---------------
TEMP=$(mktemp) || exit 1
# Error-log hits on known probe/abuse paths (FormMail, FrontPage _vti_*, etc.);
# dots are escaped so they match literally, and the client IP is pulled out of
# Apache's "[client IP]" field.
grep -E "FormMail\.cgi|FormMail\.pl|cltreq\.asp|_vti_bin|_vti_inf|apage\.cgi|\
auctions\.cgi|awstats|ctpub_adserv\.cgi|formmail\.cgi|formmail\.pl|\
imgannot\.cgi|includer\.cgi|openwebmail|proxyjudge\.cgi|tellafriend\.pl|\
upload2\.cgi" /var/log/httpd/error_log* \
    | sed -e 's/.*\[client \([^]]*\)\].*/\1/' > "$TEMP"
# Access-log hits for a SEARCH request padded with x90 (x86 NOP) bytes: tag the
# line, keep only tagged lines, then strip everything after the client IP.
sed -e "s/SEARCH.*x90.*/BLOCK-IP/" /var/log/httpd/*_log* | grep BLOCK-IP \
    | sed -e 's/ - - .*//' >> "$TEMP"
sort -u "$TEMP"
rm -f "$TEMP"
----------------
>
> On the same topic, does anyone know the max number of ppp interfaces?
>
> On Thu, 2005-06-02 at 17:04, Jim Popovitch wrote:
> > Are there any known limits to the number of rules in iptables? I
> > currently have about 27000+ rules, with no noticeable issues. What's
> > the upper limit, if there is any, and what are the limiting factors?
> >
> > Thx,
> >
> > -Jim P.
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
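Added example (not Jim's script or lists): the same log mining written as shell functions over constructed sample log lines, followed by an iptables-restore fragment that keeps each list in its own chain, which is how the ALL/HTTP/SMTP split described above is expressed in iptables. The chain names (BLOCK-ALL, BLOCK-HTTP, BLOCK-SMTP), the 192.0.2.x/198.51.100.x addresses and the log lines are assumptions made up for this example. The per-service chain also matters for the rule-count question: a chain is walked rule by rule for every packet that reaches it, so a flat INPUT chain of 27000 entries is scanned in full by every non-matching packet, while a port-specific jump means mail traffic never touches the HTTP list.

```shell
#!/bin/sh
# Added example, not Jim's script. Mines constructed Apache log lines for the
# probes the post blocks on and emits an iptables-restore ruleset with one
# chain per list (BLOCK-ALL / BLOCK-HTTP / BLOCK-SMTP), so an HTTP offender is
# dropped on port 80 only and an SMTP offender on port 25 only. Chain names,
# addresses and log lines are assumptions made for this example.

# Constructed error_log lines (Apache 2.2 "[client IP]" format).
ERROR_LOG='[Thu Jun 02 17:00:01 2005] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/FormMail.pl
[Thu Jun 02 17:00:02 2005] [error] [client 192.0.2.11] File does not exist: /var/www/html/_vti_bin
[Thu Jun 02 17:00:03 2005] [error] [client 192.0.2.12] File does not exist: /var/www/html/favicon.ico
[Thu Jun 02 17:00:04 2005] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/formmail.cgi'

# Constructed access_log lines (combined format; one carries a x90-padded SEARCH).
ACCESS_LOG='192.0.2.20 - - [02/Jun/2005:17:01:00 -0400] "SEARCH /\x90\x02\xb1\x02\xb1 HTTP/1.1" 400 315
192.0.2.21 - - [02/Jun/2005:17:01:05 -0400] "GET /index.html HTTP/1.1" 200 1234'

# Probe paths taken from the post, dots escaped so they match literally.
PROBES='FormMail\.cgi|FormMail\.pl|cltreq\.asp|_vti_bin|_vti_inf|formmail\.cgi|formmail\.pl|awstats|openwebmail|proxyjudge\.cgi'

# error_log_offenders TEXT: client IPs that requested a known probe path.
# The [0-9.]* class also copes with Apache 2.4's "[client IP:port]" field.
error_log_offenders() {
    printf '%s\n' "$1" | grep -E "$PROBES" \
        | sed -e 's/.*\[client \([0-9.]*\).*/\1/'
}

# access_log_offenders TEXT: client IPs that sent a SEARCH request padded with
# x90 (x86 NOP) bytes; the IP is the first field of a combined-log line.
access_log_offenders() {
    printf '%s\n' "$1" | grep -E '"SEARCH .*x90' | sed -e 's/ - - .*//'
}

# http_offenders ERROR_TEXT ACCESS_TEXT: sorted, de-duplicated HTTP block list.
http_offenders() {
    { error_log_offenders "$1"; access_log_offenders "$2"; } | sort -u
}

# emit_ruleset CHAIN [PORT] < IPLIST: iptables-restore text for one list.
# With a PORT only that service's traffic is diverted into the chain (an SMTP
# offender keeps browsing); without one (the ALL list) every inbound packet
# is checked against it.
emit_ruleset() {
    chain=$1
    port=$2
    printf '%s\n' '*filter' ":$chain - [0:0]"
    if [ -n "$port" ]; then
        printf '%s\n' "-A INPUT -p tcp --dport $port -j $chain"
    else
        printf '%s\n' "-A INPUT -j $chain"
    fi
    while read -r ip; do
        [ -n "$ip" ] || continue
        printf '%s\n' "-A $chain -s $ip -j DROP"
    done
    printf '%s\n' "-A $chain -j RETURN" COMMIT
}

# Run stand-alone: print the HTTP ruleset for the sample logs. On a real host
# the output is fed to `iptables-restore -n` so existing chains are kept.
http_offenders "$ERROR_LOG" "$ACCESS_LOG" | emit_ruleset BLOCK-HTTP 80
```

The ALL list is produced the same way with `emit_ruleset BLOCK-ALL` (no port), and the SMTP list with `emit_ruleset BLOCK-SMTP 25`; each chain ends in RETURN so an address that is only on the HTTP list falls back to the normal INPUT rules for every other port.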