discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] iptables rules inefficient

From: Alex Hanselka <alex AT opennicproject.org>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] iptables rules inefficient
Date: Thu, 23 May 2013 08:42:24 -0500

On 5/23/2013 2:19 AM, Psilo wrote:

Yes I see a big difference looking at the bandwidth graphs.

Without the iptables filters:

Now WITH the iptables filters:

The average output has been divided by 1000.

Psilo

Absolutely! It is definitely worth doing. However, if you have a server in a location where bandwidth is very expensive, the inbound requests might still kill you. This was the case with Julian in fact. I do agree that these iptables are worth doing and everyone should use them. Remember, you aren't just saving your bandwidth in this case, you are saving the recipient of the attack. You are just collateral damage!

Attachment: pngxyPc1IgOum.png
Description: PNG image

Attachment: pngZoTPQpF8ho.png
Description: PNG image

Re: [opennic-discuss] iptables rules inefficient, (continued)
- Re: [opennic-discuss] iptables rules inefficient, kennytaylor, 05/20/2013
  - Re: [opennic-discuss] iptables rules inefficient, Jeff Taylor, 05/21/2013
    - Re: [opennic-discuss] iptables rules inefficient, kennytaylor, 05/21/2013
      - Re: [opennic-discuss] iptables rules inefficient, Jeff Taylor, 05/21/2013
        
        Re: [opennic-discuss] iptables rules inefficient, kennytaylor, 05/21/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Jeff Taylor, 05/21/2013
- Re: [opennic-discuss] iptables rules inefficient, kennytaylor, 05/20/2013
  - Re: [opennic-discuss] iptables rules inefficient, Psilo, 05/20/2013
    - Re: [opennic-discuss] iptables rules inefficient, Julian DeMarchi, 05/22/2013
      - Re: [opennic-discuss] iptables rules inefficient, Psilo, 05/23/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Alex Hanselka, 05/23/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Hunter 9999, 05/23/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Alex Hanselka, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Kenny Taylor, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Guillaume Parent, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Alex Hanselka, 05/23/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Jamyn Shanley, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Guillaume Parent, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Alex Hanselka, 05/23/2013
        
        Re: [opennic-discuss] iptables rules inefficient, Jeff Taylor, 05/23/2013
        Re: [opennic-discuss] iptables rules inefficient, Guillaume Parent, 05/23/2013