brent timothy saner on 20 Aug 2018 20:23:18 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban... 

On 8/20/18 7:25 PM, Robert wrote:
> On 08/18/2018 08:15 AM, Walt Mankowski wrote:
>> Thanks for posting that link. The list with both the Chinese and
>> Korean addresses contains nearly 6000 blocks. Can iptables handle that
>> many rules without performance problems?
> 
> I use IPSET for large number of IP Addresses.
> 
> 
> 
> Thank you for your time.
> 

i can confirm that ipset is awesome. if you base your rules on the set
name, you can dynamically add/remove address/ranges to the set and have
them applied without re-applying the iptables rules.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug