IP Filters?

Fernando da Silveira Montenegro (montenegro@nutec.com.br)
Fri, 4 Jul 1997 15:32:10 -0300

Hello all!

What seems to be the general consensus on how many filtering rules one can
configure on a PM2-30 without imposing a noticeable performance penalty
for the dialup users: 10? 50? 100?

We want to protect our ISP from our users DoSing us (sounds strange,
doesn't it) and since we have to leave stuff like arbitrary TCP and UDP
ports open (gotta love ICQ, IRC et al.) AND we want to restrict access
to our servers, we have to be very specific on the filters. In doing that,
we end up with large filters.

I know that ordering the rules so that the majority of traffic (TCP
establisheds and generic UDP packets) matches the first few rules will
help, but does anybody have any experience with more than, say, 50-100
rules on an inbound serial filter on the PM2?

I know that using, for instance, an outbound ethernet filter is more
efficient than many inbound serial ones, but then I leave users able to
telnet to my PMs, and that's a no-no.

Thanks in advance. I'll summarize later if there's interest.

Regards,
Fernando

--
Fernando da Silveira Montenegro     Nutec Informatica
System/Network Administrator        Sao Paulo, SP, BRAZIL
mailto:montenegro@nutec.com.br      http://www.nutecnet.com.br
voice.:+55-11-5505-5728             #include <disclaimer.h>
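The rule-ordering argument in the post, as an added example that is not part of the original message or of any PortMaster software: a toy first-match filter that counts rule comparisons over a constructed dialup traffic mix, with "common traffic first" versus "specific denies first" orderings, plus the check that reordering did not change any verdict. Rule fields, host labels and the traffic mix are assumptions for illustration, not PortMaster filter syntax.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp" or "udp"
    dst: str                    # destination host label (constructed)
    dport: int
    established: bool = False   # TCP reply traffic to a session the user opened

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: Optional[str] = None         # None matches anything
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return all(v is None or v == getattr(p, k)
                   for k, v in (("proto", self.proto), ("dst", self.dst),
                                ("dport", self.dport), ("established", self.established)))

def evaluate(rules, packet):
    """First-match evaluation; returns (action, number of rules compared)."""
    for i, r in enumerate(rules, start=1):
        if r.matches(packet):
            return r.action, i
    return "deny", len(rules)   # implicit deny when nothing matches

def average_cost(rules, traffic):
    """Mean rule comparisons per packet over a list of (packet, count) pairs."""
    total = sum(count * evaluate(rules, p)[1] for p, count in traffic)
    return total / sum(count for _, count in traffic)

def same_decisions(rules_a, rules_b, traffic):
    """Reordering must not change any verdict; run this before deploying the fast order."""
    return all(evaluate(rules_a, p)[0] == evaluate(rules_b, p)[0] for p, _ in traffic)

# Forty specific denies shielding the ISP's own hosts from telnet, then two broad permits.
SERVER_DENIES = [Rule("deny", dst="server%d" % n, dport=23) for n in range(40)]
GENERIC = [Rule("permit", proto="tcp", established=True),   # bulk of user traffic
           Rule("permit", proto="udp")]                      # ICQ-style and other UDP
FILTER_SLOW = SERVER_DENIES + GENERIC   # specific denies first
FILTER_FAST = GENERIC + SERVER_DENIES   # ordering suggested in the post

# Constructed traffic mix: mostly established TCP, some UDP, a few telnet attempts.
TRAFFIC = [(Packet("tcp", "peer", 80, established=True), 900),
           (Packet("udp", "peer", 4000), 90),
           (Packet("tcp", "server3", 23), 10)]
```

With this mix the slow order averages about 40.7 comparisons per packet and the fast order about 1.1, while every packet still gets the same verdict.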