Re: new, not nice web bots disposal

To: debian-user Mailing List <debian-user@lists.debian.org>
Subject: Re: new, not nice web bots disposal
From: Roger Price <debian@rogerprice.org>
Date: Wed, 26 Feb 2020 12:40:39 +0100 (CET)
Message-id: <[🔎] alpine.LSU.2.20.2002261233290.5507@titan>
In-reply-to: <[🔎] 20200226111026.GQ17632@randomstring.org>
References: <[🔎] 202002260357.51369.gheskett@shentel.net> <[🔎] 20200226111026.GQ17632@randomstring.org>

On Wed, 26 Feb 2020, Dan Ritter wrote:

If you find yourself needing to add lots more rules, you might want togenerate a "set" instead of individual rules:
http://ipset.netfilter.org/
https://www.linuxjournal.com/content/advanced-firewall-configurations-ipset
might be useful.

I find ipsets the natural way of setting up rules. I run a script which blockswhole countries, taking the country data fromhttp://ipverse.net/ipblocks/data/countries/

Simple and efficient. I once had a set with 140000 (yes, 140 thousand) ipblocksin an ipset with no apparent performance hit.


Roger

Reply to:

Follow-Ups:
- Re: new, not nice web bots disposal
  - From: Klaus Singvogel <deb-user-ml@singvogel.net>
- Re: new, not nice web bots disposal
  - From: Gene Heskett <gheskett@shentel.net>

References:
- new, not nice web bots disposal
  - From: Gene Heskett <gheskett@shentel.net>
- Re: new, not nice web bots disposal
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: new, not nice web bots disposal
Next by Date: looking for a nftables gui
Previous by thread: Re: new, not nice web bots disposal
Next by thread: Re: new, not nice web bots disposal
Index(es):
- Date
- Thread