On Wednesday 26 February 2020 06:40:39 Roger Price wrote:

> On Wed, 26 Feb 2020, Dan Ritter wrote:
> > If you find yourself needing to add lots more rules, you might want
> > to generate a "set" instead of individual rules:
> >
> > http://ipset.netfilter.org/
> > https://www.linuxjournal.com/content/advanced-firewall-configurations-ipset
> > might be useful.
>
> I find ipsets the natural way of setting up rules. I run a script
> which blocks whole countries, taking the country data from
> http://ipverse.net/ipblocks/data/countries/
>
> Simple and efficient. I once had a set with 140000 (yes, 140
> thousand) ipblocks in an ipset with no apparent performance hit.
>
> Roger

Roger, and anyone else following along, I am blocking 12544 with 49 rules. Based on 49 rules, each blocking /24 addresses. Seems to be sufficient.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
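
The set-based approach discussed in this thread, as an added example that is not part of any poster's message: a shell function that turns a list of CIDR blocks into `ipset restore` input, so one netfilter rule replaces many per-network rules. The set name `blocked_nets`, the `MAXELEM` value and the sample networks are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: turn a list of CIDR blocks into an `ipset restore` file so a
# single netfilter rule can match all of them.
SET_NAME="blocked_nets"   # hypothetical set name
MAXELEM=262144            # raised from ipset's 65536 default for large lists

# Constructed sample input (RFC 5737 documentation ranges), including a
# duplicate, an invalid prefix length and a junk line.
sample_blocks() {
    cat <<'EOF'
# one CIDR block per line
192.0.2.0/24
198.51.100.0/24
192.0.2.0/24
203.0.113.0/33
not-a-network
203.0.113.0/24   # trailing comment
EOF
}

# Read CIDR blocks on stdin and print ipset restore commands on stdout.
# Comments and whitespace are stripped, malformed entries (including a /0
# prefix, which hash:net cannot store) are skipped and duplicates are
# dropped, so a bad line in a downloaded list cannot abort the restore.
gen_ipset_restore() {
    printf 'create %s hash:net family inet maxelem %s\n' "$SET_NAME" "$MAXELEM"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | awk -v set="$SET_NAME" '
        $0 == "" { next }
        {
            if (split($0, p, "/") != 2) next
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            if (!seen[$0]++) print "add " set " " $0
        }'
}

# Print the generated restore file for the sample input.
sample_blocks | gen_ipset_restore

# To load it (as root; not executed by this script):
#   sample_blocks | gen_ipset_restore | ipset -exist restore
#   iptables -I INPUT -m set --match-set blocked_nets src -j DROP
```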