Blocklist limit before performance impact

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
heiny
Forum User
Posts: 14
Joined: Fri May 20, 2016 12:24 pm
Location: Canada

Blocklist limit before performance impact

Unread post by heiny »

Is there a limit on how many IPs can be blocked in the blocklist before performance is affected?

Can performance be affected at all?

I'm around 2500 now.


Thank you
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Blocklist limit before performance impact

Unread post by mikeshinn »

In general not really, but it can if either of the following is true:

1) You're using a really old kernel, where you can not use ipset. The performance hit would be on loading your blocklist, where iptables takes longer to load a really big set of firewall rules. 2500 isn't a lot for iptables, but if you have hundreds of thousands of IPs in your blocklist that can take time for iptables to load. Newer kernels support ipset, which can load hundreds of millions of entries in a few seconds.

2) You're using a hypervirtualization solution like OpenVZ that limits the number of firewall rules you can have, because you're sharing one system's kernel with every other user on the system. In which case your hosting provider may limit the number of firewall rules you can add.

If neither of these is the case for you, then you can add hundreds of millions of entries to your blocklist without any performance impact.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Blocklist limit before performance impact

Unread post by faris »

Remember that each IP you block results in two firewall rules -- one for in, one for out.

I would ask WHY you need to block so many IPs.

If you are manually adding them following an attack or spam run, remember that 90+ will never be seen again - they are probably part of a botnet.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
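The two answers above come down to one design point: with plain iptables every blocked address becomes two rules (inbound and outbound) that the kernel walks linearly, whereas with ipset the addresses live in one hashed set and the rule count stays at two no matter how many entries you add. The script below is an added example, not Atomic Protector's own blocklist code and not from any poster here: it checks whether the host can use ipset at all, turns a plain text list of IPv4 addresses or CIDR ranges into an `ipset restore` batch (the bulk-load path, which is what makes loading large sets fast), and prints the two iptables rules that reference the set. The set name `blocklist`, the sizing options, and the input file format are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Atomicorp's code). Builds an ipset-backed blocklist from a
# text file with one IPv4 address or CIDR per line ("#" comments allowed).
# The set name and sizing below are assumptions for this example.

SET_NAME=blocklist

# Heuristic check that ipset is usable: the userland tool exists and the kernel
# either has ip_set loaded or ships it as a module. Very old kernels
# (e.g. 2.6.32 without backports) fail this, which is the case the thread describes.
ipset_supported() {
    command -v ipset >/dev/null 2>&1 || return 1
    if [ -d /sys/module/ip_set ]; then
        return 0
    fi
    modinfo ip_set >/dev/null 2>&1
}

# Emit an `ipset restore` batch for the entries in "$1".
# Comments, surrounding whitespace and blank lines are stripped; anything that
# is not an IPv4 address or CIDR is reported on stderr and skipped rather than
# being passed to ipset, so one bad line cannot abort the whole load.
# "-exist" makes the batch idempotent: re-running it is harmless.
emit_ipset_batch() {
    list_file="$1"
    printf 'create %s hash:net family inet hashsize 65536 maxelem 1000000 -exist\n' "$SET_NAME"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$list_file" |
    while IFS= read -r entry; do
        if printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            printf 'add %s %s -exist\n' "$SET_NAME" "$entry"
        else
            printf 'skipping invalid blocklist entry: %s\n' "$entry" >&2
        fi
    done
}

# The only two iptables rules needed, however large the set grows:
# one matching the source on inbound traffic, one matching the destination on outbound.
emit_iptables_rules() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
    printf 'iptables -I OUTPUT -m set --match-set %s dst -j DROP\n' "$SET_NAME"
}

# Stand-alone use (needs root to actually apply):
#   emit_ipset_batch /path/to/ips.txt | ipset restore
#   emit_iptables_rules | sh
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    ipset_supported || { echo "ipset is not available on this kernel" >&2; exit 1; }
    emit_ipset_batch "$2" | ipset restore
    emit_iptables_rules | sh
fi
```

Loading through `ipset restore` instead of one `ipset add` per address matters once the list is large: the batch is parsed in one pass by a single process, and because the set is referenced by just two rules, iptables itself never has to reload a longer rule list. On a host that fails `ipset_supported` (the old-kernel or container case from the reply above) this script does nothing, which is the safer outcome than silently falling back to thousands of per-IP rules.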
heiny
Forum User
Posts: 14
Joined: Fri May 20, 2016 12:24 pm
Location: Canada

Re: Blocklist limit before performance impact

Unread post by heiny »

It's not that I need but that I can.

I just unchecked Enable Active Response timeout. Nothing is done manually.

When we blacklist/whitelist load is going sky crazy so I'm using blocklist as a kind of blacklist.
hostingg
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: Blocklist limit before performance impact

Unread post by hostingg »

What kernel is your system on? You can run this command to find out:
uname -r
If everything was easy, then the world wouldn't need engineers.
heiny
Forum User
Posts: 14
Joined: Fri May 20, 2016 12:24 pm
Location: Canada

Re: Blocklist limit before performance impact

Unread post by heiny »

hostingg wrote: What kernel is your system on? You can run this command to find out:
uname -r
2.6.32
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Blocklist limit before performance impact

Unread post by mikeshinn »

So that's not one of our kernels then (and that's a very, very old kernel too). Are you using a virtualization solution, for example Virtuozzo or OpenVZ, by any chance?