
Re: [cobalt-users] Performance penalty on IPCHAINS?



> > Is there a significant performance penalty if one inserts
> > many source DENYs? Where there is an IP that consistently is
> > probing a machine, are there better ways to deny access?  I
> > have about 25 or so 'regulars' that I have added to the DENY
> > lists but don't want to shoot myself in the foot either!
> >
>
> If your host can deny them at the router, of course you'll never see it
> at the server.

Dan has suggested the best way, of course, if your host is willing.

However I have blocked 200+ IPs with DENY and see no performance impact on RAQ3s or RAQ4s.

I personally use DENY without logging for each IP and leave the main REJECT to log all others. Although REJECT did prevent access from these 200+ IPs, syslog went mad logging it all to the kernel log, which definitely did have a performance issue.

Brett
B3K.net - Webmaster / Hostmaster
---------------------------------------------
The World's premier mobile phone boutique
With free SMS & free personal No's
www.b3k.net
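
The rule layout described in the message above (a silent DENY per blocked source, with logging only on the final catch-all REJECT), as an added example that is not part of the original post. The function names `gen_rules` and `is_ipv4`, the use of the `input` chain and the sample addresses are assumptions; the script only prints the `ipchains` commands and does not run them.

```shell
#!/bin/sh
# Added example: emit (do not execute) ipchains commands for a source blocklist.
# Input: one IPv4 address per line on stdin; '#' comments and blank lines ignored.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set: per-source DENY rules without -l (no syslog line per
# packet), then a single logged REJECT for everything not matched earlier.
gen_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u | while read -r ip; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            echo "ipchains -A input -s $ip -j DENY"
        else
            echo "skipped invalid entry: $ip" >&2
        fi
    done
    echo "# (the site's ACCEPT rules go here)"
    echo "ipchains -A input -j REJECT -l"   # -l: log matches via the kernel log
}

# Constructed sample blocklist (documentation address ranges, one duplicate,
# two invalid entries).
SAMPLE='192.0.2.10
198.51.100.7   # repeat prober
192.0.2.10
not-an-ip
203.0.113.300'

printf '%s\n' "$SAMPLE" | gen_rules
```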