Is load an issue when hundreds of IPs are blocked by iptables?

Murtaza_t

Well-Known Member
Jan 24, 2005
Well, I don't find any reason for a server to catch load due to the number of IPs blocked..
We have long iptables rule sets on all our servers... yeah, the only problem we face is that we have 3 clients a week saying they cannot access their site but others can.... :)

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Actually, a long iptables list with thousands of IPs in it can definitely cause load issues. It can also cause a slowdown of every service operating over the network (web, SMTP, FTP, etc.), as every packet has to be compared against every IP address. It can also render a server unbootable, which I've seen on many an occasion.

You should only really ever have a handful of blocked IP addresses in your firewall for current attacks; otherwise you should clean them out very regularly.

pshepperd

Well-Known Member
Feb 12, 2005
I agree with chirpy,

Here are my recommendations: take all those out, configure APF to ban people who abuse your server automatically, and configure the server to send you that list or remove the blocks on its own.

Also configure traffic shaping so that people who DDoS your server don't keep you from SSHing in.

If you really feel you need to have IP bans like that, simply offload them to an external firewall; most NOCs offer them as an add-on to dedicated servers.

Be aware, though, that simple router-type firewalls really don't have the ability to do IP bans, nor do they have the memory to store your list.
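The two points above, chirpy's (every packet is compared against every rule, so keep the list short and clean it out regularly) and pshepperd's (have the server expire its own blocks), can be combined in a small script. The following is an added example written for this page, not code from the thread, from APF or from cPanel. It keeps blocks in a timestamped text file, prunes entries older than a TTL, and renders the surviving IPs either as a dedicated iptables chain (rebuilt atomically with iptables-restore) or as an ipset hash set, which the kernel matches in constant time instead of walking a rule per IP. The block file path, the chain and set names, and the 24-hour TTL are assumptions chosen for the example; only new connections are sent through the block chain, so established flows never pay the per-rule comparison cost.

```shell
#!/bin/sh
# Added example: an expiring iptables blocklist (not part of the original thread).
# Block file format: "<ip><TAB><epoch seconds when added>", one entry per line.

BLOCKFILE="${BLOCKFILE:-/var/lib/blocklist/blocks.txt}"  # assumed path
BLOCK_TTL="${BLOCK_TTL:-86400}"                         # assumed TTL: 24h
CHAIN="BLOCKLIST"                                       # assumed chain name
IPSET="blocklist"                                       # assumed ipset name
TAB="$(printf '\t')"

# add_block FILE IP NOW : record IP with timestamp NOW; silently ignore duplicates
add_block() {
    file="$1"; ip="$2"; now="$3"
    grep -q "^${ip}${TAB}" "$file" 2>/dev/null && return 0
    printf '%s\t%s\n' "$ip" "$now" >> "$file"
}

# prune_blocks FILE NOW TTL : drop entries older than TTL seconds, print surviving count
prune_blocks() {
    file="$1"; now="$2"; ttl="$3"
    tmp="${file}.tmp"
    awk -F "$TAB" -v now="$now" -v ttl="$ttl" '(now - $2) < ttl' "$file" > "$tmp"
    mv "$tmp" "$file"
    wc -l < "$file" | tr -d ' '
}

# render_chain FILE : emit iptables-restore text that rebuilds only the block chain.
# With --noflush, the ":CHAIN - [0:0]" line flushes an existing user chain before
# the DROP rules are re-added, so the main INPUT chain is never touched here.
render_chain() {
    file="$1"
    printf '*filter\n'
    printf ':%s - [0:0]\n' "$CHAIN"
    awk -F "$TAB" -v chain="$CHAIN" '{ printf "-A %s -s %s -j DROP\n", chain, $1 }' "$file"
    printf 'COMMIT\n'
}

# render_ipset FILE : emit "ipset restore" text; one hash:ip set replaces N rules,
# so lookup cost no longer grows with the number of blocked addresses.
render_ipset() {
    file="$1"
    printf 'create %s hash:ip\n' "$IPSET"
    awk -F "$TAB" -v set="$IPSET" '{ printf "add %s %s\n", set, $1 }' "$file"
}

# install_hook : one-time wiring of INPUT (needs root). Established/related traffic is
# accepted first, so only the first packet of a new connection is checked against the list.
install_hook() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -I INPUT 2 -m conntrack --ctstate NEW -j "$CHAIN"
}

# apply_chain FILE : prune expired blocks, then atomically reload the chain (needs root)
apply_chain() {
    prune_blocks "$1" "$(date +%s)" "$BLOCK_TTL" > /dev/null
    render_chain "$1" | iptables-restore --noflush
}

# apply_ipset FILE : same, but via ipset plus a single iptables rule (needs root)
apply_ipset() {
    prune_blocks "$1" "$(date +%s)" "$BLOCK_TTL" > /dev/null
    render_ipset "$1" | ipset restore -exist
    iptables -C INPUT -m set --match-set "$IPSET" src -j DROP 2>/dev/null \
        || iptables -I INPUT 2 -m set --match-set "$IPSET" src -j DROP
}
```

Run `install_hook` once, then call `add_block "$BLOCKFILE" <ip> "$(date +%s)"` from whatever detects abuse and `apply_chain "$BLOCKFILE"` (or `apply_ipset`) from cron every few minutes; expired entries disappear on the next run, so the live rule set stays at the "handful for current attacks" size chirpy recommends. Keep a separate, permanent allow rule for your own management address above the block chain so a mistaken entry cannot lock you out.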

pshepperd

Well-Known Member
Feb 12, 2005
Certain versions of SonicWalls can do flood protection too, and can syslog to a monitoring computer, so that you can be notified when attacks are occurring.