[ale] iptables limits?
Bob Toxen
transam at verysecurelinux.com
Fri Jun 3 18:31:33 EDT 2005
On Fri, Jun 03, 2005 at 11:45:53AM -0400, Jim Popovitch wrote:
> On Fri, 2005-06-03 at 11:31 -0400, Jonathan Rickman wrote:
> > The correct number was 5000. I goofed the edit after logging into the
> > system to verify that Jim's setup was even more excessive than I
> > thought.
> [snip]
> > > I'm seeing double...
> >
> > The correct number was 5000. I goofed the edit after logging into the
> > system to verify that Jim's setup was even more excessive than I
> > thought. ;)
> OK, the double speak needs some restraint. ;-)
> Regarding large quantities of iptables rules, what other ways would you
> go about:
> -blocking 3,000+ IPs from ongoing port scan attacks
> -blocking 2,500+ IPs from http/https scripting attacks
> -blocking 1,200+ IPs from sending viruses and/or smtp port-knocking
> I suppose I could be cruel and block the common subnets, but then
> instead of restricting 7,000 IPs I could be restricting 7M.
I agree that the 7,000 rules to block them is reasonable. I do something
similar.
> If 50,000 iptables rules don't cause any problems then why not use them?
Indeed.
> -Jim P.
Bob
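As an added example (not code from the thread or from either poster): the sane way to carry a 7,000-entry blocklist into iptables is to put it in its own chain and load it in one shot with iptables-restore, rather than running the iptables binary once per address (each legacy iptables invocation fetches and replaces the whole table, so 7,000 separate calls are quadratic in the rule count). The script below generates such a ruleset from a plain text blocklist, skipping blank lines, comments, duplicates and anything that is not a valid IPv4 address or CIDR, so a garbage line in the list cannot end up in the ruleset. The chain name `BLOCKLIST`, the function names and the sample list (RFC 5737 documentation addresses) are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Generates an iptables-restore ruleset that
# DROPs every entry of a blocklist file inside a dedicated chain (name assumed).

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix (0-32).
# Written without IFS tricks so it is safe to call from a pipeline subshell.
valid_ipv4() {
    ip=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no slash: host address
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    rest=$ip
    n=0
    while :; do
        o=${rest%%.*}                          # next octet
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
        [ "$rest" = "$o" ] && break            # last octet consumed
        rest=${rest#*.}
    done
    [ "$n" -eq 4 ]
}

# Print a filter-table ruleset for iptables-restore: one DROP per entry in
# a user chain (default name BLOCKLIST), ending with RETURN.
# Blank lines and '#' comments are ignored; duplicates are collapsed;
# malformed entries are reported on stderr and left out.
gen_blocklist_rules() {
    blocklist=$1
    chain=${2:-BLOCKLIST}
    echo "*filter"
    echo ":$chain - [0:0]"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$blocklist" \
      | grep -v '^$' | sort -u | while read -r entry; do
          if valid_ipv4 "$entry"; then
              echo "-A $chain -s $entry -j DROP"
          else
              echo "skipping invalid blocklist entry: $entry" >&2
          fi
      done
    echo "-A $chain -j RETURN"
    echo "COMMIT"
}

# Number of DROP rules a blocklist file would produce (sanity check before loading).
count_drop_rules() {
    gen_blocklist_rules "$1" 2>/dev/null | grep -c -- '-j DROP'
}

# Constructed sample list (not real attacker data): a comment, a duplicate,
# a CIDR, an out-of-range octet and a line with shell metacharacters.
SAMPLE_BLOCKLIST='# hosts seen port-scanning
192.0.2.10
192.0.2.10
198.51.100.0/24   # whole scanner subnet
203.0.113.7
999.1.1.1
203.0.113.7; rm -rf /
'

# Stand-alone demo: write the sample to a temp file and print the ruleset.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) || exit 1
    printf '%s' "$SAMPLE_BLOCKLIST" > "$tmp"
    gen_blocklist_rules "$tmp"
    rm -f "$tmp"
fi
```

Load the output with `iptables-restore -n < rules.txt`; with `-n` the built-in chains keep their existing rules, while a user chain named in the file is flushed and refilled, so regenerating and reloading replaces the blocklist atomically. Hook the chain in once, by hand, with `iptables -I INPUT -j BLOCKLIST` (or only on the ports you care about); the ruleset deliberately does not add that jump, so repeated reloads cannot stack duplicate jumps in INPUT.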