How much of a hit on performance does a FW drop list make? For example, there are lists of VPN servers, but the lists are in the 10s of thousands. One I found is 30.000 lines, with about 20k of those in range form /24.
Would such a list kill your router, or not really since it needs to check only incoming traffic?
Regards
The performance hit is present but not huge. Address lists are very effective and use RAW filtering so it won’t reach connection tracking.
I only use VPN to browse so that means any services by you are unreachable for me. VPN is also a way for us to be on the internet and not be watched all the time by governments and big spying firms.
I see, guess there's nothing to it then? I'm on RB3011 so I guess it should chew through a list like that no problem?
The problem is people also use VPN for misuse, so I'm thinking of dropping the lot of them on input and forward.
Just to add a nooby question, what is a good place in the FW steps to put such rules? Right on top?
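An added example, not part of the original posts: a Python helper that merges a downloaded blocklist into the fewest CIDR entries and emits RouterOS commands that load it into an address list and drop matching sources in the raw table's prerouting chain, which runs before connection tracking and before traffic is split into input and forward. The list name `vpn-block`, the function names and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (documentation ranges), mixing the forms such lists use.
SAMPLE = """\
# constructed sample, not a real VPN list
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.6
192.0.2.0-192.0.2.255
192.0.2.16/28
not-an-address
"""

def parse_entry(text):
    """Return IPv4 networks for one entry: CIDR, single IP or start-end range."""
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(text, strict=False)]

def collapse(lines):
    """Skip comments and blanks, collect unparsable entries, merge overlaps."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.extend(parse_entry(entry))
        except ValueError:
            rejected.append(entry)  # report these instead of importing them
    return list(ipaddress.collapse_addresses(nets)), rejected

def to_routeros(nets, list_name="vpn-block"):
    """Emit address-list entries plus one raw prerouting drop rule."""
    out = ["/ip firewall address-list"]
    out += [f"add list={list_name} address={n}" for n in nets]
    out += ["/ip firewall raw",
            f"add chain=prerouting src-address-list={list_name} action=drop"]
    return "\n".join(out)

if __name__ == "__main__":
    nets, rejected = collapse(SAMPLE.splitlines())
    print(to_routeros(nets))
    print(f"# {len(nets)} entries after merging, {len(rejected)} rejected: {rejected}")
```

Merging adjacent and overlapping ranges before import keeps the address list shorter than the raw download, and the rejected list shows which lines need a manual look.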