Atomicorp

Is there a limit on how many IP can be block in blocklist before performance is affected ?

Is performance can be affected ?

I'm around 2500 now.


Thank you

In general not really, but it can if either of the follow is true:

1) you're using a really old kernel, where you can not use ipset. The performance hit would be on loading your blocklist where iptables takes longer to load a really big set of firewall rules. 2500 isnt a lot for iptables, but if you have hundreds of thousands of ips in your blocklist that can take time for iptables to load. Newer kernels support ipset which can load hundreds of millions of entries in a few seconds.

2) you're using a hypervirtualization solution like openvz that limits the number of firewall rules you can have, because you're sharing one systems kernel with every other user on the system. In which case your hosting provider may limit the number of firewall rules you can add.

If neither of these is the case for you, then you can add hundreds of millions of entries to your blocklist without any performance impact.

Remember that each IP you block results in two firewall rules -- one for in, one for out.

I would ask WHY you need to block so many IPs.

If you are manually adding them following an attack or spam run, remember that 90+ will never be seen again - they are probably part of a botnet.

It's not that I need but that I can.

I just unchecked Enable Active Response timeout. Nothing is done manually.

When we blacklist/whitelist load is going sky crazy so I'm using blocklist as a kind of blacklist.

what kernel is your system? u can run this command to find out
uname -r

hostingg wrote:what kernel is your system? u can run this command to find out
uname -r

2.6.32

So thats not one of our kernels then (and thats a very very old kernel too). Are you using a virtualization solution, for example virtuzzo, openvz by any chance?