1st post ;-)
Using shorewall for about 5 years in production environment & love it!
I would like to block a list of IP addresses/subnets using the blacklist
file, but my kernel does not have ipsets. I'd rather not toy with this
production machine.
The machine is a 64bit linux distro with 2gig of ram, and a ~2Ghz single
core processor. It has 2 ethernet adapters and is connected to the
world via a T1. It does NAT and a lot of traffic control/filtering,
etc. The tcstart and tcrules files are hundreds of lines long, &
shorewall takes about 30 seconds to start/restart. Otherwise, hardware
loads are very low.
Using shorewall 4.0.15, perl version.
I'd like to load a blacklist of just under 7000 entries. Can anyone
(with real world experience, maybe) tell me if this is sane?
Will it work, or will there be a big performance hit? What IS an
agreeable number of entries in the blacklist file?
I searched the world over and only found vague "Don't put thousands in
there" answers. Even a ballpark figure would help.
Cordially,
Jason Wallace
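Without ipset, every entry in the blacklist file ends up as its own iptables rule that each packet is matched against in sequence, so the rule count is the thing to keep down. The script below is an added example (not from the original post or from the Shorewall project) that reads a blacklist-style text, merges overlapping and adjacent IPv4 networks into the minimal set of CIDRs with Python's standard `ipaddress` module, and reports how many rules are saved. The sample blacklist is constructed for illustration; a real list is typically reducible only where entries cluster in the same prefixes.

```python
import ipaddress

# Constructed sample in Shorewall blacklist-file style: one address or
# CIDR per line, '#' starts a comment. Not taken from the original post.
SAMPLE_BLACKLIST = """\
# constructed sample blacklist
192.0.2.0/25
192.0.2.128/25
192.0.2.7
198.51.100.0/24
198.51.100.77
203.0.113.10
203.0.113.11
203.0.113.12
"""


def parse_blacklist(text):
    """Return the IPv4 networks listed in blacklist-style text.

    Bare host addresses become /32 networks; blank lines and comments are
    skipped. IPv6 entries are ignored so collapsing stays single-family.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        if net.version == 4:
            nets.append(net)
    return nets


def collapse(nets):
    """Merge overlapping and adjacent networks into the minimal CIDR set."""
    return list(ipaddress.collapse_addresses(nets))


def rule_counts(text):
    """Return (entries as written, entries after collapsing).

    With a linear iptables chain and no ipset, each remaining entry is one
    rule, so the second number is the chain length a packet may traverse.
    """
    nets = parse_blacklist(text)
    return len(nets), len(collapse(nets))


def collapsed_lines(text):
    """Collapsed blacklist, one CIDR per line, ready to paste back into a file."""
    return [str(n) for n in collapse(parse_blacklist(text))]


if __name__ == "__main__":
    before, after = rule_counts(SAMPLE_BLACKLIST)
    print(f"{before} entries -> {after} rules after collapsing")
    print("\n".join(collapsed_lines(SAMPLE_BLACKLIST)))
```

Run it against the real file with `rule_counts(open("blacklist").read())` before loading it; the collapsed count is what the firewall actually has to walk per packet.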