firewalld with HUGE list of ip to drop
ubuntu-users-list at thomas.freit.ag
Thu Apr 11 09:21:55 UTC 2024
Hi Jerry,
On 11.04.24 00:08, Jerry Geis wrote:
> Seems once I have gotten past the "threshold" (which I don't know how
> many that is) network performance DROPS considerably with many IPs in the
> list to drop.
>
> The file to drop has at least 57000+ lines of IP addresses that have
> attempted some kind of access to my servers. Either unwanted SSH, HTTP,
> HTTPS or SIP.
Handling large lists is costly and at some list size no longer feasible. Better
scaling would be possible if you use IP sets. Switching from your lists to IP sets is
not a big issue.
I suggest https://kinvolk.io/blog/2020/09/performance-benchmark-analysis-of-egress-filtering-on-linux/
as a good read. It covers a lot of Linux filtering possibilities very nicely.
Another approach might be (depending on your use case) to switch from a list of IPs and networks to drop to
a general drop policy and a list of IPs and networks to accept. However, it depends on how you get this kind
of information and how you are able to manage these lists.
hth,
Thomas
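As an added illustration of the IP-set switch suggested above (example code, not from the thread or from firewalld itself): read a flat blocklist like Jerry's, drop comments, duplicates and malformed lines, merge overlapping networks, and emit the firewall-cmd calls that create one hash:net ipset per address family and bind it to firewalld's built-in drop zone. The set name blocklist, the /tmp output paths and the constructed SAMPLE_LIST are assumptions.

```python
"""Flat blocklist -> firewalld ipsets. Added example, not code from the thread.
The set name 'blocklist' and the /tmp output paths are assumptions."""
import ipaddress
import sys

# Constructed sample standing in for the 57000-line file from the thread.
SAMPLE_LIST = """203.0.113.5
203.0.113.5
203.0.113.0/24
198.51.100.77
not-an-ip
2001:db8::1
"""

def parse_entries(text):
    """Return (set of ip_network objects, list of rejected lines)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # allow blank and comment lines
        try:
            nets.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            if line:
                rejected.append(line)         # never feed garbage to the kernel set
    return nets, rejected

def collapse(nets, version):
    """Merge overlapping networks of one family; plain hosts lose their /32 or /128."""
    merged = ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return [str(n.network_address if n.prefixlen == n.max_prefixlen else n) for n in merged]

def firewall_cmds(name, entries_file, count, family):
    """Create a hash:net set, load the file, and route every listed source to 'drop'."""
    maxelem = max(65536, 2 * count)  # ipset default is 65536: too small for 57000+ and growing
    return [
        f"firewall-cmd --permanent --new-ipset={name} --type=hash:net"
        f" --option=family={family} --option=maxelem={maxelem}",
        f"firewall-cmd --permanent --ipset={name} --add-entries-from-file={entries_file}",
        f"firewall-cmd --permanent --zone=drop --add-source=ipset:{name}",
    ]

if __name__ == "__main__":
    nets, rejected = parse_entries(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LIST)
    for version, family in ((4, "inet"), (6, "inet6")):
        if entries := collapse(nets, version):
            path = f"/tmp/blocklist{version}.txt"
            open(path, "w").write("\n".join(entries) + "\n")
            print(*firewall_cmds(f"blocklist{version}", path, len(entries), family), sep="\n")
    print("firewall-cmd --reload")
    print("rejected lines:", rejected, file=sys.stderr)
```

Kernel-side lookups in an ipset are a hash, so matching cost stays flat as the list grows; review the rejected lines before loading, since a single bad entry aborts `--add-entries-from-file`.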