Hacker News
by shishcat 898 days ago
I remember having a friend with an extremely sluggish server. Turns out the reason behind this sluggishness was that he set a permanent fail2ban bantime, which added thousands of records to iptables; for any packet, even not SSH, the server had to check the source IP against thousands of records. After purging the rules and switching the bantime the server was usable again.
1 comment

This should happen in-kernel and is lightning-fast, so should not be an issue. Maybe a pre-netfilter box..?
Big iptables lists are indeed incredibly slow; use ipset for large lists instead.
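The fix the thread points at, shown as an added example that is not from any commenter: a fail2ban `jail.local` with the permanent-ban setup beside a finite bantime plus an ipset-backed ban action, so each ban becomes one entry in a hash set matched by a single iptables rule instead of one more rule in the chain. The jail names, port and thresholds are assumptions.

```ini
# jail.local (added example; assumed path /etc/fail2ban/jail.local)

# Weak: bantime = -1 bans forever and iptables-multiport appends one
# rule per banned address, so the chain grows without bound and every
# packet on the host is checked against every rule.
[sshd-permanent]
enabled   = false
port      = ssh
filter    = sshd
bantime   = -1
banaction = iptables-multiport

# Better: bans expire, and the ipset action keeps a single iptables rule
# that matches against a hash set, so lookup cost stays flat as the
# number of banned addresses grows.
[sshd]
enabled   = true
port      = ssh
filter    = sshd
bantime   = 1h
findtime  = 10m
maxretry  = 5
banaction = iptables-ipset-proto6
```

Check the result with `iptables -S INPUT | wc -l` (the chain should stay short) and `ipset list` (the banned addresses live in the set).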