firewalld with HUGE list of ip to drop
Jon LaBadie
ubu at labadie.us
Thu Apr 11 02:58:20 UTC 2024
On Wed, Apr 10, 2024 at 06:08:41PM -0400, Jerry Geis wrote:
>Seems once I have gotten past the "threshold" which I don't know how
>many that is - network performance DROPS considerably with many IPs in the
>list to drop
>
>The file to drop has at least 57000+ lines of IP addresses that have
>attempted some kind of access to my servers. Either unwanted SSH, HTTP,
>HTTPS or SIP.
>
>What is the correct way to DROP IPs with such a large number,
>and I do segments like
>243.155.27.0/24
>kind of entries, so each address is not individual.
>
Are you using an ipset with firewalld? I've not done it
on Ubuntu, but I have on CentOS and observed no performance hit.
My blacklist consisted of over 40,000 entries, more than half
were */24 to */15 type entries. Originally constructed to
block whole countries.
Jon
--
Jon H. LaBadie ubu at labadie.us
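The ipset approach Jon describes, as an added example that is not code from the thread: a bare POSIX shell script that normalises a large blocklist of addresses and /24-style ranges into a firewalld ipset definition of type hash:net, sizes maxelem for a 57k+ list, and attaches the set to the built-in drop zone. The set name "blocklist", the input file layout (one IPv4 address or CIDR per line, '#' comments allowed) and the paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: turn a large blocklist into a firewalld
# ipset so the kernel does one hash lookup per packet instead of walking
# tens of thousands of rules. Assumptions: one IPv4 address or CIDR per line,
# '#' comments allowed; the set name "blocklist" and paths are hypothetical.

# Keep syntactically plausible IPv4 entries, append /32 to bare addresses,
# drop comments, blank lines and duplicates. Prints one CIDR per line.
normalize_blocklist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
    | sed -E 's#^([0-9.]+)$#\1/32#' \
    | sort -u
}

# Write the definition firewalld loads from /etc/firewalld/ipsets/<name>.xml.
# ipset's default maxelem is 65536; a 57k-entry list is close to that limit,
# so size it explicitly (next power of two above twice the entry count).
# Prints the number of entries written.
write_ipset_xml() {
    name=$1; listfile=$2; out=$3
    n=$(normalize_blocklist "$listfile" | wc -l | tr -d ' ')
    maxelem=65536
    while [ "$maxelem" -lt $((n * 2)) ]; do maxelem=$((maxelem * 2)); done
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n'
        printf '<ipset type="hash:net">\n'
        printf '  <short>%s</short>\n' "$name"
        printf '  <option name="maxelem" value="%s"/>\n' "$maxelem"
        normalize_blocklist "$listfile" | sed 's#.*#  <entry>&</entry>#'
        printf '</ipset>\n'
    } > "$out"
    echo "$n"
}

# Install the set and attach it as a source of the built-in "drop" zone.
# Needs root and a running firewalld; not invoked by the example itself.
install_blocklist() {
    name=$1; listfile=$2
    write_ipset_xml "$name" "$listfile" "/etc/firewalld/ipsets/$name.xml" >/dev/null
    firewall-cmd --reload                                   # picks up the new ipset
    firewall-cmd --permanent --zone=drop --add-source="ipset:$name"
    firewall-cmd --reload
    firewall-cmd --ipset="$name" --get-entries | wc -l      # sanity check: entry count
}
```

The same result without writing XML by hand: `firewall-cmd --permanent --new-ipset=blocklist --type=hash:net --option=maxelem=131072`, then `firewall-cmd --permanent --ipset=blocklist --add-entries-from-file=FILE` with the normalised list, followed by the `--add-source=ipset:blocklist` step above.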