On Jan 27, 2011 3:27 PM, "frankhunt" <fh-li...@frankhunt.com> wrote:
>
> Which method of blocking large numbers of IPs is the least consumptive
> of system resources?

Getting your ISP to block them. Next down would be iptables with an
efficient "match many hosts" module - thousands of rules are relatively
costly. Don't forget to send an "admin prohibited" back, though, or they
will keep sending SYN packets at you.

Htaccess is about the least efficient way - at the far end of efficiency in
Apache, which is way out in user-space.

Does it really matter, though, given how over-powered your CPU is likely to
be compared to your network bandwidth?

Regards,
       Daniel

I also second the "are you sure"; personally I use fail2ban to block hostile
addresses more selectively.
--
Puppet Labs Developer – http://puppetlabs.com
Daniel Pittman <dan...@rimspace.net>
Contact me via gtalk, email, or phone: +1 (503) 893-2285
Sent from a mobile device; please forgive brevity and typos.
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
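
The approach described in the reply above (one set-match rule instead of thousands of per-address rules, rejecting with "admin prohibited"), as an added example that is not part of the original message. It assumes ipset as the "match many hosts" module; the set name `blocklist`, the helper names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; ipset as the set-match module is an assumption.
# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_IPS='192.0.2.10
198.51.100.7
# scanner seen in logs
192.0.2.10
not-an-ip
203.0.113.0/24
999.1.1.1'

# Read addresses or CIDRs on stdin; print an "ipset restore" script that
# fills a scratch set and swaps it in, so the live set is never half-loaded.
gen_restore() {
    awk -v set="$1" '
    function valid(a,   n, p, o, i) {
        n = split(a, p, "/")
        if (n > 2) return 0
        # Refuse prefixes shorter than /8: a typo must not block the world.
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2]+0 < 8 || p[2]+0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i]+0 > 255) return 0
        return 1
    }
    BEGIN { tmp = set "-new"
            print "create " tmp " hash:net family inet"
            print "flush " tmp }
    /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    !valid($1)     { print "skipped: " $1 | "cat 1>&2"; next }
    !seen[$1]++    { print "add " tmp " " $1 }   # de-duplicate
    END { print "create " set " hash:net family inet"
          print "swap " tmp " " set
          print "destroy " tmp }'
}

# Needs root: load the set, then make sure exactly one rule references it.
apply_blocklist() {
    rule="INPUT -m set --match-set $1 src -j REJECT --reject-with icmp-admin-prohibited"
    gen_restore "$1" | ipset -exist restore || return 1
    # shellcheck disable=SC2086  # $rule is split into words on purpose
    iptables -C $rule 2>/dev/null || iptables -I $rule
}

# Dry run: only print the restore script for the sample list.
printf '%s\n' "$SAMPLE_IPS" | gen_restore blocklist
```

Running the script only prints the restore script; `apply_blocklist blocklist` with the real list on stdin is the step that changes the firewall.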
