![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.magnor.ovh/api/v3/image_proxy?url=https%3A%2F%2Flemmy.world%2Fpictrs%2Fimage%2Ff3189f30-f8c8-4c4f-b957-e3a7bfd1c784.png)
2·
1 year agoI recall a certain amount of overhead in IPTables “allow only from” situations but I’m not sure whether it’s enough to make a DDOS any kind of viable on a server in this configuration.
Do you happen to know how effective the strategy is?
Oh absolutely, I agree with the best practice! I just didn’t know the real world efficacy of dropping packets near the NIC to mitigate DDOS load. There is certainly a performance limit but where that limit exists has been nebulous for me.