[Server-devel] Question on number of iptables rules

Martin Langhoff martin.langhoff at gmail.com
Wed Feb 2 10:24:54 EST 2011

On Tue, Feb 1, 2011 at 6:28 PM, Anna <aschoolf at gmail.com> wrote:
> My test XS at home has a FQDN and is open to the outside.  Therefore this is
> probably a pretty rare issue in XS land, but I thought I'd ask.

In general, I'd keep it closed. It's not designed as a full internet server.

> Getting them into /etc/sysconfig/olpc-scripts/iptables-xs is easy enough.  I
> pasted the IP data into a file named banned_ips.txt and ran this little
> script:
> #!/bin/bash
> for i in $(< banned_ips.txt); do
> iptables -A INPUT -s "$i" -j DROP
> done

You could do the same from the init script even.

> Here's my question - is the XS networking going to get wonky with 894 extra
> iptables rules?

Short answer - no.

Slightly longer: no, but if the list grows and starts to cost you in
network perf, might be worth looking at ipset


 martin.langhoff at gmail.com
 martin at laptop.org -- Software Architect - OLPC
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff

More information about the Server-devel mailing list