[ale] iptables limits?

Jim Popovitch jimpop at yahoo.com
Fri Jun 3 11:54:31 EDT 2005


On Fri, 2005-06-03 at 11:31 -0400, Jonathan Rickman wrote:
> The correct number was 5000. I goofed the edit after logging into the
> system to verify that Jim's setup was even more excessive than I
> thought.
[snip]
> > I'm seeing double...
> 
> The correct number was 5000. I goofed the edit after logging into the
> system to verify that Jim's setup was even more excessive than I
> thought. ;)

OK, the double speak needs some restraint.  ;-)

Regarding large quantities of iptables rules, what other ways would you
go about:

 -blocking 3,000+ IPs from ongoing port scan attacks
 -blocking 2,500+ IPs from http/https scripting attacks
 -blocking 1,200+ IPs from sending viruses and/or smtp port-knocking

I suppose I could be cruel and block the common subnets, but then
instead of restricting 7,000 IPs I could be restricting 7M.

If 50,000 iptable rules don't cause any problems then why not use them?

-Jim P. 
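One answer to Jim's question that the thread does not spell out is to stop encoding each address as its own rule. With a netfilter set (the ipset userland and kernel match) the 7,000 addresses live in a hash, membership is one lookup per packet, and the firewall needs a single rule that consults the set instead of walking a chain of thousands of `-s <ip> -j DROP` entries. The script below is an added example, not code from the original post or from the ALE list; it assumes a Linux host with the `ipset` and `iptables` tools, it only generates restore-format text rather than applying it, and the addresses in `SAMPLE_BLOCKLIST` are constructed documentation-range values, not real attackers.

```shell
#!/bin/sh
# Added example (not from the original thread): build an ipset-backed
# blocklist so thousands of addresses cost one hash lookup and one
# iptables rule instead of a linear walk through thousands of rules.
# Assumes GNU/Linux with the ipset and iptables userland tools. Nothing
# here is applied to a live firewall; the functions only emit text.

# Constructed sample blocklist: one address per line, '#' comments allowed.
# In practice these would come from the scan/HTTP/SMTP logs the post mentions.
SAMPLE_BLOCKLIST='# portscan sources (constructed values)
203.0.113.7
203.0.113.9
# http/https scripting attacks (duplicate on purpose)
198.51.100.42
198.51.100.42
# malformed line that must be rejected, not blindly loaded
not-an-ip
'

# Emit an "ipset restore" script for one set named $1, reading IPs on stdin.
# hash:ip gives O(1) membership tests regardless of how many entries exist;
# hashsize/maxelem are assumed starting values, tune them to the list size.
gen_ipset_restore() {
    set_name="$1"
    printf 'create %s hash:ip family inet hashsize 65536 maxelem 100000\n' "$set_name"
    # drop comments and blank lines, keep only dotted-quad tokens, dedupe
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' \
        | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u \
        | while IFS= read -r ip; do
              printf 'add %s %s\n' "$set_name" "$ip"
          done
}

# Emit the single iptables rule that consults the set. This one rule
# replaces N individual "-s <ip> -j DROP" rules.
gen_iptables_rule() {
    set_name="$1"
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$set_name"
}

# Count the "add" lines produced from the sample blocklist: shows how many
# entries survive validation and deduplication.
count_set_entries() {
    printf '%s' "$SAMPLE_BLOCKLIST" | gen_ipset_restore "$1" | grep -c '^add '
}

# Stand-alone demo: print the restore script and the matching rule.
main_demo() {
    printf '%s' "$SAMPLE_BLOCKLIST" | gen_ipset_restore scanners
    gen_iptables_rule scanners
}
```

To load it for real you would pipe the generated text into `ipset restore -exist` (the `-exist` flag makes re-runs idempotent) and then add the one matching rule; refreshing the list later is a matter of regenerating the set contents, not rewriting the rule chain. The same idea carries over to nftables named sets on newer kernels. Note that the validation step deliberately drops anything that is not a plain IPv4 address, because a blocklist assembled from logs is untrusted input to the firewall script.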