pfBlockerNG Feeds - How many is too many?

talaverde · Feb 10, 2019, 10:23 PM

I know it's not good to subscribe to all of the available feeds in pfBlockerNG, but how many is a good number? How many is too much?

I'm sure it depends on your resources. Just like an IPS, the more rules you enable the more work has to be done on each packet.

I was hoping someone on this board may have done some testing, adding more and more feeds, watching and testing to see the effect. Maybe not. If anyone has any input, I'd love to hear it?

If not, let's try this. How about everyone post the feeds they use?

RonpfS · Feb 16, 2019, 5:25 PM

That depends on your platform.

IP tables doesn't use much memory and ressources.

DNSBL tables are limited by the memory of the system. On a 8GB system, it can manage around 1 to 1.5 millions entries.

talaverde · Feb 12, 2019, 4:39 AM

@ronpfs said in pfBlockerNG Feeds - How many is too many?:

s are limited by the memory of the system. On a 8GB system, it can manage around 1 to 1.5 millions entri

So, more feeds just means more memory, but won't create latency? I have about 20GB available, so memory isn't a problem.

motific · Feb 14, 2019, 5:10 PM

When you hit “too many” you’ll know, unbound does not handle such situations gracefully.

In my experience latency goes from ms to 60-100 Seconds, clients will time out long before they get a response, your phone will ring constantly, and people you’ve never met will appear at your desk!

talaverde · Feb 14, 2019, 5:22 PM

Okay, it sounds like there is a clear wall. That's good to know. Thanks.

gsmornot · Feb 16, 2019, 5:25 PM

This post is deleted!