firewalld with HUGE list of ip to drop

J.Witvliet at mindef.nl J.Witvliet at mindef.nl
Thu Apr 11 15:48:23 UTC 2024 

Are you using names instead of ip-addresses?
Logically there should be no difference, reality told me otherwise…


From: "Karl Auer" <kauer at biplane.com.au<mailto:kauer at biplane.com.au>>
Date: Thursday, 11 April 2024 at 15:13:18
To: "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com<mailto:ubuntu-users at lists.ubuntu.com>>
Subject: Re: firewalld with HUGE list of ip to drop

On Wed, 2024-04-10 at 18:08 -0400, Jerry Geis wrote:
> Anyway if I stop firewalld the network performance jumps WAY back up
> to over 800M but as soon as I restart firewalld - wait a while -
> network performance drops again to around 10M

How long is "a while"?

> I also tried stopping firewalld and just use IPtables - same thing
> happens.

So iptables also starts fine but slows after "a while"?

Who *is* allowed to access your servers? If the answer is "nobody but
me", then just whitelist yourself and have a default DROP rule.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au, he/him)
http://www.biplane.com.au/kauer



--
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20240411/70dab596/attachment.html>

More information about the ubuntu-users mailing list