Community discussions

 
TheSirStumfy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Oct 14, 2018 7:54 pm

Firewall list performace hit

Sun Jun 23, 2019 1:36 pm

How much of a hit on performance does a FW drop list make? For example there are lists of VPN servers, but the lists are in the 10s of thousands. One i found is 30.000 lines, with about 20k of those in range form /24.

Would such a list kill your router, or not really since it needs to check only incoming traffic?

Regards
 
msatter
Forum Guru
Forum Guru
Posts: 1307
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Firewall list performace hit

Sun Jun 23, 2019 2:43 pm

The performance hit is present but not huge. Address lists are vety effrctive and use RAW filtering so it won't reach connection tracking.

I only use VPN to browse so thst means any services by you are unreachable for me. VPN is also a eay for us to be on the internet and not be watched all the time govertnments and big spying firms.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta59 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
TheSirStumfy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Oct 14, 2018 7:54 pm

Re: Firewall list performace hit

Sun Jun 23, 2019 3:58 pm

The performance hit is present but not huge. Address lists are vety effrctive and use RAW filtering so it won't reach connection tracking.
I see, guess theres nothing to it than? Im on RB3011 so i guess it should chew trough a list like that no problem?

The problem is people also use VPN for missuses, so im thinking of dropping the lot of them on input and forward.
 
TheSirStumfy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Oct 14, 2018 7:54 pm

Re: Firewall list performace hit

Sun Jun 23, 2019 4:04 pm

Just to add a nooby question, what is a good place in the FW steps to put such rules? Right on top?

Who is online

Users browsing this forum: Google [Bot] and 19 guests