pfBlockerNG Feeds - How many is too many?



  • I know it's not good to subscribe to all of the available feeds in pfBlockerNG, but how many is a good number? How many is too much?

    I'm sure it depends on your resources. Just like an IPS, the more rules you enable the more work has to be done on each packet.

    I was hoping someone on this board may have done some testing, adding more and more feeds, watching and testing to see the effect. Maybe not. If anyone has any input, I'd love to hear it.

    If not, let's try this. How about everyone post the feeds they use?



  • That depends on your platform.

    IP tables don't use much memory and resources.

    DNSBL tables are limited by the memory of the system. On an 8GB system, it can manage around 1 to 1.5 million entries.



  • @ronpfs said in pfBlockerNG Feeds - How many is too many?:

    DNSBL tables are limited by the memory of the system. On an 8GB system, it can manage around 1 to 1.5 million entries.

    So, more feeds just means more memory, but won't create latency? I have about 20GB available, so memory isn't a problem.



  • When you hit “too many” you’ll know; unbound does not handle such situations gracefully.

    In my experience, latency goes from ms to 60-100 seconds; clients will time out long before they get a response, your phone will ring constantly, and people you’ve never met will appear at your desk!



  • Okay, it sounds like there is a clear wall. That's good to know. Thanks.


