On Fri, Sep 21, 2001 at 08:48:45AM -0400, Brian Curtis <[EMAIL PROTECTED]> wrote:
| What kind of problems can I expect by adding 2400 DENY entries to the
| input chain (using ipchains-1.3.9-3)?

Big performance penalties, as you analyse every packet.
Instead, why not make a special chain for Nimda, and only divert processing to
it for incoming SYN packets aimed at port 80? That way almost everything
else goes through your normal tiny set of rules, and only incoming HTTP
connections incur the analysis penalty.

Like:

        ipchains -I input -p tcp -y -d 0.0.0.0/0 http -j NIMDA

and do the processing in the NIMDA chain.
-- 
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

Meddle not in the affairs of dragons,
for you are crunchy and good with ketchup.
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
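The chain layout Cameron describes, as an added example that is not part of the original post or of Red Hat's configuration: a script that generates the ipchains commands for a dedicated chain so the rule set can be reviewed before it is loaded. The chain name NIMDA is taken from the message; the source-address list is a constructed placeholder (RFC 5737 documentation ranges), and the generate-then-pipe-to-sh approach is the example's own choice.

```shell
#!/bin/sh
# Added example (not from the original post). Builds an ipchains rule set that
# confines a per-source DENY list to its own chain and diverts only incoming
# SYN packets for port 80 into it, so the main input chain stays short.
# The commands are printed, not executed; apply as root with: nimda_rules | sh

# Constructed sample of offending source addresses (placeholder values from the
# RFC 5737 documentation ranges; the real list would come from your logs).
NIMDA_SOURCES="192.0.2.10
198.51.100.23
203.0.113.7"

# Emit the ipchains commands for the dedicated chain.
# $1 = chain name (defaults to NIMDA), stdin = one source address per line.
nimda_rules() {
    chain=${1:-NIMDA}
    echo "ipchains -N $chain"   # create the chain (fails harmlessly if it exists)
    echo "ipchains -F $chain"   # start from an empty chain on every reload
    while read -r src; do
        [ -n "$src" ] || continue
        # one DENY per offending host, restricted to SYNs aimed at port 80
        echo "ipchains -A $chain -p tcp -s $src -d 0.0.0.0/0 80 -y -j DENY"
    done
    # anything not on the list goes back to the input chain and is handled as usual
    echo "ipchains -A $chain -j RETURN"
    # the single hook in the input chain: -y matches packets with SYN set and
    # ACK/FIN clear, so only new inbound HTTP connections pay for the long list
    echo "ipchains -I input -p tcp -y -d 0.0.0.0/0 80 -j $chain"
}

# Number of per-host DENY rules the generator produced, as a sanity check that
# every address in the list became a rule.
nimda_rule_count() {
    printf '%s\n' "$NIMDA_SOURCES" | nimda_rules "$1" | grep -c -- '-j DENY'
}
```

Because the hook matches on `-y`, only the first packet of each inbound connection is compared against the list; data packets of established connections fall through to the normal rules, which is what keeps the cost of the long chain off ordinary traffic.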