So here is a related question - I want to implement something like
what some of you folks seem to have in place with dynamically updated
blacklists and reloading pf on the fly.
With a redundant pair of firewalls should I be doing this on the MASTER only?
I'm just wondering about reloading pf on
‐‐ Original Message ‐‐‐
On Wednesday, August 12, 2020 7:11 AM, Alan McKay wrote:
> Hey folks,
>
> This is one that is difficult to test in a test environment.
>
> I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
>
> With some scripting I'm looking at feeding
Hi,
I have a script that downloads "badhosts" from a site that continuously
updates through a distributed network.
I currently limit my blocklist to 450,000 ip addresses.
real mem = 4261072896 (4063MB)
avail mem = 4119322624 (3928MB)
bios0: PC Engines apu2
-pa-r-- blocklist
Hi,
as the tables are stored in RAM anyway during the processing it’s more or less
a matter of how fast your DIMMs / CPU are. I usually work with several tables
with cca 30 K records - no impact on the performance so far.
S pozdravem / Kind regards
Martin Sukaný
UNIX Engineer, Developer,
On 2020-08-12, Tomasz Rola wrote:
> Is there a way to have listing of offending IPs and perhaps grouping
> them into /nn subnets - other than writing oneself the script?
aggregate6, in packages. It will be slow on a large list, of course.
> Something as easy as awk might suffice, I guess - and
On 2020-08-12 05:11, Alan McKay wrote:
Hey folks,
This is one that is difficult to test in a test environment.
I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
With some scripting I'm looking at feeding block IPs to the firewalls
to block bad-guys in near real
On Wed, Aug 12, 2020 at 03:00:03PM +0200, Martin Sukany wrote:
> Hi,
>
> as the tables are stored in RAM anyway during the processing it’s
> more or less a matter of how fast your DIMMs / CPU are. I usually work
> with several tables with cca 30 K records - no impact on the
> performance so far.
Wow over 160 MILLION (yes I screamed that) IPs!
How much RAM is in your system?
On Wed, Aug 12, 2020 at 10:26 AM infoomatic wrote:
>
> We have ~30,000 entries in our table blocking networks and
> single ip addresses, all in all at the moment exactly 169,471,974 hosts
> being blocked. No idea
We have ~30,000 entries in our table blocking networks and
single ip addresses, all in all at the moment exactly 169,471,974 hosts
being blocked. No idea what your criteria is for "performance impact",
but we have no issues.
On 12.08.20 14:11, Alan McKay wrote:
> Hey folks,
>
> This is one that
On Wed, Aug 12, 2020 at 08:11:14AM -0400, Alan McKay wrote:
> Hey folks,
>
> This is one that is difficult to test in a test environment.
>
> I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
>
> With some scripting I'm looking at feeding block IPs to the firewalls
>
This is one of those “How long is a piece of string” examples.
You don’t give a lot in the way of specifications so as to come up with a
reasonable guess. But the guesses are meaningless anyway, as the packet
filtering subsystems are pretty efficient and very rapid.
In reality with sufficient
Hey folks,
This is one that is difficult to test in a test environment.
I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
With some scripting I'm looking at feeding block IPs to the firewalls
to block bad-guys in near real time, but in theory if we got attacked
by a bot