On 05/01/2016 03:32 PM, Noel Jones wrote:
have false positives. Reserve firewall blocks for persistent
offenders since debugging a firewalled false positive is far more
difficult.
And when you firewall make it short-lived.
IP addresses change, and long-lived firewall rules have unintended
consequences.
If they really are spamming a bunch of people, the IP address gets
blacklisted enough that they've moved on fairly quickly anyway, leaving
whoever acquired the IP after them blocked from your server.
