How much can firewalld hold?


Post by lightman47 » 2016/12/31 13:21:25

I just did iptables-save on my C7.3 server and found that Fail2ban has dozens and dozens and dozens of entries. I'll bet it's close to 100 when all the jails are counted although most are SSH of course. This prompts the question of my post - how much can it deal with before I start having problems?

Thank you.


Re: How much can firewalld hold?

Post by TrevorH » 2017/01/03 18:04:51

I think the answer in 7.2 was not all that many but the 7.3 release notes said it had been made more efficient. Personally I'd use ipset and iptables.


Re: How much can firewalld hold?

Post by aks » 2017/01/03 18:49:35

I guess try it and see!
BTW, docs reveal that ipset (using the hash) has a default size of 1024 and a configured maximum of 64K. So I guess you'd run out of available ports before the firewall balks.
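
Added example, not part of the thread and not fail2ban's or firewalld's own code: one way to see how many per-address ban rules `iptables-save` holds and to convert them into `ipset restore` input, as the ipset suggestion above implies. The `f2b-<jail>` chain names and the sample rules are constructed assumptions; the `hashsize` and `maxelem` values are the defaults quoted in the thread.

```shell
# Constructed iptables-save sample. The f2b-<jail> chain names are an
# assumption; addresses are RFC 5737 documentation ranges.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
:f2b-postfix - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 25,587 -j f2b-postfix
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-postfix -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix -j RETURN
COMMIT
EOF
}

# Per-chain count of single-address ban rules, printed as "<chain> <count>".
f2b_count() {
    awk '$1 == "-A" && $2 ~ /^f2b-/ && $3 == "-s" { n[$2]++ }
         END { for (c in n) print c, n[c] }' | sort
}

# Turn those rules into "ipset restore" input: one hash:ip set per chain,
# duplicate addresses dropped, non-/32 sources skipped (hash:ip would expand
# a CIDR into individual entries). hashsize and maxelem are the defaults
# quoted in the thread.
f2b_to_ipset() {
    awk '$1 == "-A" && $2 ~ /^f2b-/ && $3 == "-s" && $4 ~ /^[0-9.]+(\/32)?$/ {
        ip = $4; sub(/\/32$/, "", ip)
        key = $2 SUBSEP ip
        if (key in seen) next
        seen[key] = 1
        if (!($2 in made)) {
            made[$2] = 1
            print "create", $2, "hash:ip family inet hashsize 1024 maxelem 65536"
        }
        print "add", $2, ip
    }'
}

# Each set then needs a single rule in place of the per-address ones, e.g.:
#   iptables -I INPUT -p tcp --dport 22 -m set --match-set f2b-sshd src -j REJECT
sample_rules | f2b_count
sample_rules | f2b_to_ipset
```

On a live host the input would be `iptables-save | f2b_count` and the output of `f2b_to_ipset` would be fed to `ipset restore`.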
