heh, it's slowing you down about this |<--->| much.

How hard is it to bog down a RB532? I've got some rulesets based on the examples listed at http://wiki.mikrotik.com/wiki/Protecting_your_customers but I'm curious as to how much it is slowing me down.
So how much is too much? And what do you mean by grouping rules in chains? Something similar to the "virus" chain at the url above? Can you give me an example of an efficient ruleset?
Sorry for all the questions, I've been wondering about this for a while.

depends a lot on what kind of service you want to give.

hi sten,
I'm using a P4 2.8GHz and 512RAM to work as a router.
At the moment, I only create certain rules to block (drop packets) on certain ports such as p2p, ports 135-139, netbus and so on.
I was wondering, if I keep adding the firewall or when it reaches the limit, what would happen to the router?
What is your recommendation? Do you have an example for that?
Like wispnewbie said, I also want to know how much is the how much?

I think I read somewhere that the upper limit is 65535 or somewhere close to it. The only one that I got that has more than 1500 rules (most are inactive) flakes out around that amount, but that's probably because it's a really old version (v2.9.18).

I tested a large number of rules to find out what it could handle. Added 256 rules to the firewall filter, 120 to the mangle, and 80 queue rules. Did not hiccup at all. I stopped there. That is not a lot of rules by themselves but that was added to what I already had in my completed system. The point was to have dynamic queues/firewalls for pppoe users via 1 radius supplied firewall attribute. I had 4 to the 4th possibilities. It works perfect.
Eugene, 1000 rules processed for _each_ packet make p4 2.8 pass through 76Mbps fdx. 50000 rules processed for _each_ packet reduce the throughput to 1.5 Mbps fdx.
Like mentioned before, in real life most of the traffic is processed with first 1 to 50 rules.
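
The question about grouping rules in chains, as an added example that is not from any poster in this thread: a small Python model of first-match rule traversal that counts how many rules each packet is checked against in a flat list versus a list that jumps TCP traffic into its own chain. The chain name `tcp-drops`, the rule set and the traffic mix are constructed for illustration, and the model assumes a sub-chain with no match returns to the calling chain.

```python
# Added illustration: a model of first-match rule traversal, not RouterOS code.
# A rule is (match, action); action is "accept", "drop" or ("jump", chain_name).

def proto_port(proto, lo, hi=None):
    """Build a matcher for one protocol and a destination port or port range."""
    hi = lo if hi is None else hi
    return lambda p: p["proto"] == proto and lo <= p["dport"] <= hi

def evaluate(chains, packet, chain="forward"):
    """Return (verdict, rules_checked) for one packet."""
    checked = 0
    for match, action in chains[chain]:
        checked += 1
        if not match(packet):
            continue
        if isinstance(action, tuple):           # jump into a sub-chain
            verdict, n = evaluate(chains, packet, action[1])
            checked += n
            if verdict is not None:
                return verdict, checked
            continue                            # assumed: no match returns to caller
        return action, checked
    return None, checked                        # fell off the end of the chain

# Constructed rule set: ports 135-139 from the thread plus 199 made-up TCP ports.
BLOCKED = [proto_port("tcp", 135, 139)] + [proto_port("tcp", 10000 + i) for i in range(199)]
ACCEPT_ALL = (lambda p: True, "accept")

# Flat layout: every packet walks the drop rules until one matches.
flat = {"forward": [(m, "drop") for m in BLOCKED] + [ACCEPT_ALL]}

# Grouped layout: one cheap protocol test decides whether to enter the long chain.
grouped = {
    "forward": [(lambda p: p["proto"] == "tcp", ("jump", "tcp-drops")), ACCEPT_ALL],
    "tcp-drops": [(m, "drop") for m in BLOCKED],
}

def average_checks(chains, packets):
    """Mean number of rules a packet is compared against."""
    return sum(evaluate(chains, p)[1] for p in packets) / len(packets)

# Constructed traffic mix: 90 UDP, 9 allowed TCP, 1 blocked TCP packet.
TRAFFIC = ([{"proto": "udp", "dport": 53}] * 90
           + [{"proto": "tcp", "dport": 80}] * 9
           + [{"proto": "tcp", "dport": 139}])

if __name__ == "__main__":
    print("flat   :", average_checks(flat, TRAFFIC))
    print("grouped:", average_checks(grouped, TRAFFIC))
```

Both layouts give every packet the same verdict; only the number of rules walked per packet changes, which is the cost the throughput figures above are measuring.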