We have ~30,000 entries in our table <blocklist> blocking networks and
single IP addresses, all in all at the moment exactly 169,471,974 hosts
being blocked. No idea what your criteria are for "performance impact",
but we have no issues.


On 12.08.20 14:11, Alan McKay wrote:
> Hey folks,
>
> This is one that is difficult to test in a test environment.
>
> I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
>
> With some scripting I'm looking at feeding block IPs to the firewalls
> to block bad-guys in near real time, but in theory if we got attacked
> by a botnet or something like that, it could result in a few thousand
> IPs being blocked.  Possibly even 10s of thousands.
>
> Are there any real-world data out there on how big of a block list we
> can handle without impacting performance?
>
> We're doing the standard /etc/blacklist to load a table and then have
> a block on the table right at the top of the ruleset.
>
> thanks,
> -Alan
>
