firewalld with HUGE list of ip to drop

Jeffrey Walton noloader at gmail.com
Wed Apr 10 22:29:41 UTC 2024


On Wed, Apr 10, 2024 at 6:11 PM Jerry Geis <jerry.geis at gmail.com> wrote:
>
> Seems once I have gotten past the "threshold" (which I don't know how many that is), network performance DROPS considerably with many IPs in the list to drop.
>
> The file to drop has at least 57000+ lines of IP addresses that have attempted some kind of access to my servers. Either unwanted SSH, HTTP, HTTPS or SIP.
>
> What is the correct way to DROP IPs with such a large number?
> I also do segments like
> 243.155.27.0/24
> kind of entries, so each address is not individual.
>
> Anyway, if I stop firewalld the network performance jumps WAY back up to over 800M, but as soon as I restart firewalld and wait a while, network performance drops again to around 10M.
>
> I also tried stopping firewalld and just using iptables - the same thing happens.
>
> I also found ip addr blacklist kind of a command - but that was not suggested because it had issues also.
>
> How do I solve this?

When I first read this, I thought a larger number of buffers or a
greater number of buckets should do the trick. But I don't see any
knobs to turn for either of them.

This seems relevant: <https://serverfault.com/q/1080757>. You may need
a hardware-based solution.

Jeff
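As an added example, not from either poster: the throughput collapse described above is what happens when every packet is compared against tens of thousands of individual DROP rules in a linear chain. The script below takes a blocklist in the format Jerry describes (one IPv4 address or CIDR per line), merges covered and adjacent entries, and writes an `ipset restore` file for a `hash:net` set, so the whole list becomes one hash lookup and a single firewall rule. The file name and the set name `blocklist` are assumptions, and the embedded list is a constructed sample.

```python
import ipaddress
import sys
from typing import Iterable, List

# Constructed sample in the format described in the thread: one IPv4
# address or CIDR per line, comments and blank lines allowed.
SAMPLE_BLOCKLIST = """\
# hosts seen probing ssh/http/sip (constructed sample, not real data)
243.155.27.0/24
243.155.27.77        # already covered by the /24 above
198.51.100.0/25
198.51.100.128/25    # adjacent: merges with the /25 above into a /24
203.0.113.9
not-an-address       # malformed lines are skipped, not fatal
"""


def parse_networks(lines: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse one address or CIDR per line, ignoring comments and junk."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # skip malformed lines rather than aborting the load
        if net.version == 4:  # hash:net sets are single-family
            nets.append(net)
    return nets


def collapse(nets: Iterable[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge covered and adjacent networks so the set holds only what is needed."""
    return list(ipaddress.collapse_addresses(nets))


def ipset_restore_script(nets: List[ipaddress.IPv4Network], set_name: str = "blocklist") -> str:
    """Render an `ipset restore` script that creates a hash:net set and fills it."""
    maxelem = max(65536, 2 * len(nets))  # leave headroom for later additions
    out = [f"create {set_name} hash:net family inet hashsize 65536 maxelem {maxelem}"]
    out += [f"add {set_name} {n.with_prefixlen}" for n in nets]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python3 make_ipset.py [blocklist.txt]  (file name is an assumption)
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BLOCKLIST.splitlines()
    merged = collapse(parse_networks(source))
    sys.stdout.write(ipset_restore_script(merged))
```

Load the output with `ipset restore < blocklist.ipset` and reference the set from one rule, e.g. `iptables -I INPUT -m set --match-set blocklist src -j DROP`, instead of one rule per entry; firewalld exposes the same mechanism through its `ipset:` sources.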



More information about the ubuntu-users mailing list