What seems to be the general consensus on how many filtering rules one can
configure on a router without imposing a noticeable performance penalty:
10? 50? 100?
I know it probably varies wildly with the equipment you use (a 2501 vs. a 7500,
for instance), but is anybody running a Cisco 4000 with more than, say,
100 rules for each filter applied to an interface? The router has 8MB and
is talking two T1s (bonded, no multihoming).
We plan to tighten up our environment a bit (too many DoS attacks for our
liking), and are also considering stricter filters on our terminal servers
(PortMaster2 units from Livingston). The same question applies: how many
filters on a 1MB PM2?
The problem is that the environment being protected is an ISP, so the
typical "block unless needed" stance doesn't apply.
Thanks in advance. I'll summarize later if there's interest.
ObFirewall: Filtering is one element of our security architecture, which
is migrating to a secure subnet protected by an application-level firewall, and
is, as usual, the first line of defense.
Fernando da Silveira Montenegro
System/Network Administrator
Nutec Informatica, Sao Paulo, SP, BRAZIL
voice: +55-11-5505-5728
#include <disclaimer.h>
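An added illustration of the cost question raised above, not part of the original post or of any reply to it: a small Python model of sequential, first-match filter evaluation, the model classic router access lists use. It assumes that evaluation stops at the first matching rule (with an implicit deny at the end), so the per-packet cost is the position of the rule that matches, not the length of the list. The address block (203.0.113.0/24, a documentation range), the rule set, the traffic mix and the rule names are all constructed for the example. The `reorder` function moves high-hit rules earlier but only past rules they cannot disagree with, so every filtering decision stays the same; `same_decisions` checks that on the sample traffic.

```python
"""Toy model of first-match packet filtering (added example, not from the post).
Rules, addresses and traffic mix below are constructed; the evaluation model
(sequential, first match wins, implicit deny) is the assumption being shown."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" (any), "tcp" or "udp"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[Tuple[int, int]]  # inclusive destination port range, None = any

    def matches(self, pkt) -> bool:
        proto, src, dst, dport = pkt
        if self.proto != "ip" and self.proto != proto:
            return False
        if src not in self.src or dst not in self.dst:
            return False
        return self.dport is None or self.dport[0] <= dport <= self.dport[1]


def evaluate(rules, pkt):
    """First-match evaluation with the implicit deny at the end.
    Returns (action, number of rules compared before the decision)."""
    for pos, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return rule.action, pos
    return "deny", len(rules)


def total_comparisons(rules, packets) -> int:
    return sum(evaluate(rules, p)[1] for p in packets)


def hit_counts(rules, packets):
    """How many packets each rule terminated (first match) in the given order."""
    hits = [0] * len(rules)
    for p in packets:
        for i, rule in enumerate(rules):
            if rule.matches(p):
                hits[i] += 1
                break
    return hits


def may_conflict(a: Rule, b: Rule) -> bool:
    """True if some packet could match both rules with different outcomes;
    only such pairs must keep their relative order."""
    if a.action == b.action:
        return False
    if "ip" not in (a.proto, b.proto) and a.proto != b.proto:
        return False
    if not a.src.overlaps(b.src) or not a.dst.overlaps(b.dst):
        return False
    if a.dport and b.dport and (a.dport[1] < b.dport[0] or b.dport[1] < a.dport[0]):
        return False
    return True


def reorder(rules, packets):
    """Greedy: repeatedly emit the most-hit rule whose conflicting predecessors
    have all been emitted. The lowest remaining index is always eligible, so
    this terminates, and first-match decisions are preserved."""
    hits = hit_counts(rules, packets)
    placed, remaining = [], list(range(len(rules)))
    while remaining:
        ready = [i for i in remaining
                 if all(j in placed for j in range(i) if may_conflict(rules[i], rules[j]))]
        best = max(ready, key=lambda i: (hits[i], -i))   # ties keep original order
        placed.append(best)
        remaining.remove(best)
    return [rules[i] for i in placed]


def same_decisions(rules_a, rules_b, packets) -> bool:
    return all(evaluate(rules_a, p)[0] == evaluate(rules_b, p)[0] for p in packets)


ANY = IPv4Network("0.0.0.0/0")
OURS = IPv4Network("203.0.113.0/24")        # constructed "our block"
HOST = lambda a: IPv4Network(a + "/32")

RULES = [   # constructed inbound filter, written in the natural "deny spoofing first" order
    Rule("antispoof", "deny",   "ip",  OURS, ANY, None),         # our own block as source
    Rule("smtp",      "permit", "tcp", ANY, HOST("203.0.113.10"), (25, 25)),
    Rule("dns-tcp",   "permit", "tcp", ANY, HOST("203.0.113.11"), (53, 53)),
    Rule("dns-udp",   "permit", "udp", ANY, HOST("203.0.113.11"), (53, 53)),
    Rule("ftp",       "permit", "tcp", ANY, HOST("203.0.113.12"), (21, 21)),
    Rule("web",       "permit", "tcp", ANY, OURS, (80, 80)),
    Rule("chargen",   "deny",   "udp", ANY, OURS, (19, 19)),      # UDP flood target
    Rule("default",   "permit", "ip",  ANY, OURS, None),
]


def pkt(proto, src, dst, dport):
    return (proto, IPv4Address(src), IPv4Address(dst), dport)


# Constructed traffic mix: mostly web, a chargen flood, a little spoofing.
TRAFFIC = ([pkt("tcp", "198.51.100.7", "203.0.113.20", 80)] * 700
           + [pkt("udp", "198.51.100.9", "203.0.113.11", 53)] * 120
           + [pkt("udp", "198.51.100.33", "203.0.113.20", 19)] * 100
           + [pkt("tcp", "198.51.100.5", "203.0.113.10", 25)] * 40
           + [pkt("tcp", "203.0.113.5", "203.0.113.10", 25)] * 30
           + [pkt("tcp", "198.51.100.8", "203.0.113.12", 21)] * 10)

if __name__ == "__main__":
    tuned = reorder(RULES, TRAFFIC)
    print("comparisons per packet: %.2f -> %.2f" % (
        total_comparisons(RULES, TRAFFIC) / len(TRAFFIC),
        total_comparisons(tuned, TRAFFIC) / len(TRAFFIC)))
    print("order:", [r.name for r in tuned])
    print("decisions unchanged:", same_decisions(RULES, tuned, TRAFFIC))
```

The point for sizing a list: with the rules in the order above, the dominant web traffic walks six rules and the flood walks seven, so the average cost is 5.54 comparisons per packet; after the constrained reorder the flood is dropped at rule 1 and web is permitted at rule 3, for 3.00 on the same decisions. The anti-spoofing deny cannot be moved below any permit it overlaps, which is why the greedy step only reorders among rules that cannot disagree.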