PLEX86  x86- Virtual Machine (VM) Program

iptables: filtering large number of IP addresses



I found that to administer a firewall connected to the Internet, the number of IP addresses to block is almost as large as the number of possible IP addresses. So instead of explicitly blocking the IP addresses I know are bad (which amounts to locking the barn door after the horses have escaped), I block all IP addresses with the firewall as its basic policy, and then open up certain types of IP-address/port combinations. I am more fussy about what I let in than what I let out. And I am more fussy about the interface to the Internet (in my case, ppp0) than to my LAN (eth0 and eth1). Actually, if the Windows machine on eth0 is involved, I am more fussy there than anywhere, and block everything except outgoing stuff to a small whitelist, and accept as incoming only replies to stuff I sent out.

I think the IP traffic on your machine will be more important than the size of the table itself. For my dial-up machine, that is the case I would think. Since I have dual 3.06 Xeon processors, though, the cost of running the iptables firewall is not noticeable.

--
 .~.   Jean-David Beyer          Registered Linux User 85642.
  V    PGP-Key: 9A2FC99A         Registered Machine 241939.
^^-^^  08:30:00 up 5 days, 6:51, 4 users, load average: 4.21, 4.16, 4.11
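A default-deny ruleset along the lines the post describes, as an added example that is not the poster's own configuration: drop everything inbound on ppp0 by default, accept only replies to connections the firewall or the LAN initiated, allow one admin host/port pair in, and let the Windows segment on eth0 reach only a short whitelist. Interface names, the Windows host address, the admin host and the whitelist entries are assumed values.

```shell
#!/bin/sh
# Assumed values: change to match the real interfaces and hosts before applying.
WAN=ppp0                 # link to the Internet (most restricted)
LAN=eth1                 # trusted LAN segment
WINLAN=eth0              # segment holding the Windows machine
WIN_HOST=192.168.0.10    # assumed address of the Windows machine
ADMIN_HOST=198.51.100.7  # assumed remote host allowed to reach SSH on WAN
WIN_WHITELIST="192.0.2.10:443 192.0.2.10:80"   # assumed dst:port pairs Windows may reach

# Emit the ruleset in iptables-restore format instead of calling iptables
# directly, so it can be reviewed or tested before it touches the kernel.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
-A INPUT -i $WAN -s $ADMIN_HOST -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
EOF
    # Windows segment: only new outbound connections to the whitelist; replies
    # come back through the ESTABLISHED,RELATED rule above, nothing else does.
    for entry in $WIN_WHITELIST; do
        host=${entry%:*}; port=${entry#*:}
        echo "-A FORWARD -i $WINLAN -o $WAN -s $WIN_HOST -d $host -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A INPUT -i $WAN -m limit --limit 5/min -j LOG --log-prefix "wan-drop: "
COMMIT
EOF
}

# Only load the rules when explicitly asked (APPLY=1 ./firewall.sh, as root);
# otherwise print them for review.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | iptables-restore
else
    build_rules
fi
```

Rules not matched by an ACCEPT fall through to the chain policy, so the LOG rule at the end of INPUT records what ppp0 drops without changing the outcome.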
