OT: Network Performance Issues

Ralph W. Reid rreid at sunset.net
Mon Oct 25 23:50:15 EDT 2004


Recent comments here and elsewhere concerning degenerating network
performance led me to take a closer look at my own system, and I
discovered that the numerous attempts by other systems to connect on
my ISP's network were not being blocked by my firewall, and were
therefore reaching my system.  I do not think these numerous connect
and IP requests were doing direct harm to my system, but packets were
getting here that had no business getting here.  I added some rules to
my firewall, and if my system's performance today (Monday) can be used
as an example, my network stability and responsiveness have improved
noticeably.  Note that I thought I had rules at the end of my firewall
script which I believed should have caught everything that had not
been previously defined, but the source address 0.0.0.0 seems to have
been slipping through anyway.  Here are the rules which are now
logging and dropping these requests.  Note that if you have a similar
amount of this kind of traffic on your network, logging all of these
events can rack up considerable disk space usage--use these rules with
care, and at your own risk.  Note also that if your system is supposed
to be providing bootps services, you may not want to add these rules
to your system.

iptables --append INPUT -i eth0 -s 0.0.0.0 -j LOG --log-prefix "REMOTE LOCALHOST DROP "
iptables --append INPUT -i eth0 -s 0.0.0.0 -j DROP

I hope this stuff proves useful, and have a _great_ day.

-- 
Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
rreid at sunset.net  http://personalweb.sunset.net/~rreid
Opinions herein are either mine or they are flame bait.
CIRCLE AREA = _pi * r ^ 2
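
An added example, not part of the original post: a small shell function that tallies the lines written by the LOG rule above, by protocol, destination port and sender MAC, so you can see whether the 0.0.0.0 traffic is DHCP/bootps broadcast (UDP port 67) and how quickly it fills the log. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what the LOG rule in the post has recorded.
PREFIX='REMOTE LOCALHOST DROP '   # the --log-prefix used in the post

# Constructed sample kernel log lines (not real captures).
sample_log() {
cat <<'EOF'
Oct 25 10:00:01 host kernel: REMOTE LOCALHOST DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 25 10:00:05 host kernel: REMOTE LOCALHOST DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 25 10:00:09 host kernel: REMOTE LOCALHOST DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 25 10:00:12 host kernel: REMOTE LOCALHOST DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:de:ad:be:ef:01:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 25 10:00:20 host kernel: REMOTE LOCALHOST DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:aa:bb:cc:dd:ee:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Oct 25 10:00:21 host sshd[411]: unrelated line that must be ignored
EOF
}

# Read syslog text on stdin; print "count PROTO/DPT sender-MAC", busiest first.
summarize_drops() {
    awk -v prefix="$PREFIX" '
    index($0, prefix) {
        proto = dpt = mac = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            # MAC= holds dst MAC, src MAC, ethertype; src MAC starts at char 23
            else if ($i ~ /^MAC=/) mac = substr($i, 23, 17)
        }
        count[proto "/" dpt " " mac]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Total number of logged drops, to gauge how fast the log is growing.
count_drops() {
    grep -c -F -- "$PREFIX" || true
}

sample_log | summarize_drops
```

On a live system, feed the function the file your syslog daemon writes kernel messages to instead of sample_log.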



