
How many entries is too many for iptables.

Status
Not open for further replies.

nerbonne

Technical User
Dec 11, 2006
99
US
I've been watching my server and I've been getting errors in the logs where someone is trying to exploit bugs in phpmyadmin and other software. The hits are coming from multiple IPs, about 2-3 times per day. After I block them in iptables, they quit, obviously. I'm just wondering how this will affect my server performance? What is the limit? Currently I have...


DROP all -- ulm078.server4you.de anywhere
DROP all -- ns2.1axess.com anywhere
DROP all -- 65.98.4.130 anywhere
DROP all -- 66.180.82.81 anywhere
DROP all -- 66.180.82.82 anywhere
DROP all -- 66.180.82.83 anywhere
DROP all -- 66.180.82.84 anywhere
DROP all -- 66.180.82.85 anywhere
DROP all -- 66.180.82.86 anywhere
DROP all -- 66.180.82.87 anywhere
DROP all -- 66.180.82.88 anywhere
DROP all -- 66.180.82.89 anywhere
DROP all -- 66.180.82.90 anywhere
DROP all -- serv1.mysobe.net anywhere
DROP all -- 82.8.5546.static.theplanet.com anywhere
DROP all -- node151.15.251.72.1dial.com anywhere
DROP all -- vol21-2-82-226-46-1.fbx.proxad.net anywhere
DROP all -- ega66.internetdsl.tpnet.pl anywhere
DROP all -- 86.124.224.90 anywhere
DROP all -- M142b.m.pppool.de anywhere
DROP all -- 125.40.227.179 anywhere
DROP all -- dau.chg.ru anywhere
DROP all -- krups.netcraft.com anywhere
DROP all -- anywhere
DROP all -- 216-73-126-235.ocdc-01.net anywhere
DROP all -- 220.226.63.254 anywhere
 
Generally, IPTables doesn't seem to slow down much even with a large number of rules. But if you're concerned, how about going the other way for phpmyadmin: block all traffic to it except trusted IPs.

 
Well, phpmyadmin is only one of the exploits they are trying. There are other specific software titles that they are trying to exploit; luckily none are loaded on my server.

What would you consider a "large number of rules"?

200+ ?

500+ ?

Thanks.
 
To be honest, my approach with a Beowulf cluster was to block all ports incoming, then only open ssh from trusted IPs. This meant that the outside network card had one rule to block, and as many rules to allow as there were people who needed remote access.

I'd personally call 200 a large number, not because of performance but because the ability to look through it and know what/why each rule exists becomes harder as the file grows.

Listing specific blocks, like that, is inefficient and typically ineffective.


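The default-deny approach the last reply describes, written out as an added example (not from anyone in this thread): a shell function that emits an iptables-restore ruleset with a DROP policy on INPUT, one ACCEPT per trusted source for SSH, and the per-address DROPs from the first post moved into their own chain so the INPUT chain stays short enough to read. The addresses used are constructed RFC 5737 placeholders, the chain name BLOCKLIST and port 22 are my choices, and the function names are mine.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a default-deny host.
# Usage: build_ruleset "<trusted sources>" "<blocked sources>" | iptables-restore
# Addresses in the usage note and tests are constructed placeholders.

# $1: space-separated sources allowed to open SSH (addresses or CIDR blocks)
# $2: space-separated sources to drop outright (optional)
build_ruleset() {
    trusted="$1"
    blocked="$2"
    printf '%s\n' '*filter'
    # default policies: nothing inbound unless explicitly allowed
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # a user-defined chain holds the per-address drops (chain name is my choice)
    printf '%s\n' ':BLOCKLIST - [0:0]'
    # loopback and already-established flows first: the common case is matched early
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # a single jump into BLOCKLIST keeps INPUT readable however long the list grows
    printf '%s\n' '-A INPUT -j BLOCKLIST'
    for ip in $blocked; do
        printf '%s\n' "-A BLOCKLIST -s $ip -j DROP"
    done
    # one ACCEPT per trusted source for new SSH connections; everything else
    # falls through to the INPUT DROP policy
    for ip in $trusted; do
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # rate-limited log of what the policy drops, so the log stays useful
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    printf '%s\n' 'COMMIT'
}

# Count the rule lines the ruleset would load, to answer the "how many rules"
# question before anything touches the running firewall.
rule_count() {
    build_ruleset "$1" "$2" | grep -c '^-A'
}

# Example run with constructed addresses; pipe to iptables-restore to apply.
build_ruleset "192.0.2.10 198.51.100.0/24" "203.0.113.5"
```

Because the ruleset is produced as text, it can be reviewed with `iptables-restore --test` (where supported) or simply read before loading, and the trusted list lives in one place rather than being typed rule by rule. With this layout the number of entries grows with the number of trusted people, not with the number of scanners seen in the log.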
 