The Community Forums


Is load an issue when hundreds of IPs are blocked by iptables?

Discussion in 'General Discussion' started by DWHS.net, Oct 16, 2005.

  1. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa Rica
    cPanel Access Level:
    Root Administrator
    We have a list of ABOUT 1000-2000 offending IPs and were wondering if blocking them from our main server through iptables will bring the load up.

    Thanks,
     
  2. Murtaza_t

    Murtaza_t Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    476
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cPanel Access Level:
    Website Owner
    Well, I don't find any reason for the server to catch load due to the number of IPs blocked.
    We have long iptables rule sets on all our servers... yeah, the only problem we face is we have 3 clients a week saying they cannot access their site but others can.... :)
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Actually, a long iptables list with thousands of IPs in it can definitely cause load issues. It can also cause a slowdown of every service operating over the network (web, smtp, ftp, etc) as every packet has to be compared against every IP address. It can also render a server unbootable, which I've seen on many an occasion.

    You should only really ever have a handful of blocked IP addresses in your firewall for current attacks, otherwise you should clean them out very regularly.
     
  4. pshepperd

    pshepperd Well-Known Member

    Joined:
    Feb 12, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    I agree with chirpy,

    Here are my recommendations: take all those out, configure apf to ban people that abuse your server automatically, and configure the server to send you that list or remove the blocks on its own.

    Also configure traffic shaping so that people who DDoS your server don't keep you from SSHing in.

    If you really feel you need to have IP bans like that, simply offload them to an external firewall; most NOCs offer them as an addon to dedicateds.

    Be aware though that simple router-type firewalls really don't have the ability to do IP bans, nor do they have the memory to store your list.
     
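    As an added example (not code from the thread or from cPanel), in Python: it collapses a blocklist into one ipset hash:net set that a single iptables rule matches, the alternative to the thousands of per-IP rules chirpy describes, and it audits an `iptables -S` dump for that per-IP pattern so the list can be cleaned out regularly as both posts suggest. The ipset and iptables syntax is real; the blocklist and chain dump are constructed sample data.

```python
import ipaddress
import re

# Constructed sample blocklist: duplicates, adjacent /25s and a comment line.
SAMPLE_BLOCKLIST = """
198.51.100.7
198.51.100.7
203.0.113.0/25
203.0.113.128/25
192.0.2.10
# comment lines are ignored
"""

# Constructed sample of `iptables -S INPUT` output.
SAMPLE_CHAIN = """-P INPUT ACCEPT
-A INPUT -s 198.51.100.7/32 -j DROP
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -m set --match-set blocklist src -j DROP
"""

def collapse_blocklist(text):
    """Parse IPs/CIDRs, drop comments and duplicates, merge adjacent nets."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def ipset_restore_script(nets, setname="blocklist"):
    """Build an `ipset restore` script (one hash:net set, one add per net).
    One rule, `iptables -I INPUT -m set --match-set blocklist src -j DROP`,
    then gives a hash lookup per packet instead of a walk over every rule."""
    lines = [f"create {setname} hash:net family inet hashsize 4096 maxelem 65536"]
    lines += [f"add {setname} {n}" for n in nets]
    return "\n".join(lines) + "\n"

# Single-host DROP rule as printed by `iptables -S` (source shown with /32).
PER_IP_DROP = re.compile(r"^-A (\S+) -s \d+\.\d+\.\d+\.\d+/32 -j DROP$")

def count_per_ip_drops(iptables_s_output):
    """Count per-host DROP rules in each chain; a large count is the
    linear-scan pattern that drives up load and slows every service."""
    counts = {}
    for line in iptables_s_output.splitlines():
        m = PER_IP_DROP.match(line.strip())
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

Feed the generated script to `ipset restore` and add the single set-matching rule; the audit function is meant to run over a real `iptables -S` dump periodically.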
  5. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa Rica
    cPanel Access Level:
    Root Administrator
    Great information guys, very much appreciated.

    I think I will stick with a BFD and a couple of permanent IPs per server, then narrow down and keep the large list for our standalone SonicWall system.

    Thanks again,

    Chaze
     
  6. pshepperd

    pshepperd Well-Known Member

    Joined:
    Feb 12, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Certain versions of SonicWalls can do flood protection too, and can syslog to a monitoring computer, so that you can be notified when attacks are occurring.
     