Me personally, I'm less interested in an "all-US" or "all-non-US" list. What I'm interested in is the most efficient blocklist, representing the smallest number of large IP blocks that can restrict the highest percentage of unauthorized activity.

Along those lines, I can see some Class A's and B's being blacklisted if they're outside the US, but what I don't want is to mess with lots of blocks that are intermingled with foreign and potentially legit IP space, therefore creating very large rulesets - I'd rather let F2B handle those sources individually.

Has anybody created anything like this?

I built a blacklist based in tcpwrappers that blocked a good 90+% of unauthorized activity. I wonder if anybody else has done this with iptables?

At 04:08 PM 8/27/2019, Kenneth Porter wrote:
--On Tuesday, August 27, 2019 10:37 AM +0100 Nick Howitt <[email protected]> wrote:

FWIW if you are trying to block all non-US, I would expect it would be a
lot more efficient to generate a US only list then block all on no match
with the following in your iptables rule:
-m set ! --match-set US-list

How would you construct that list? I suspect the values in the IPDeny US list don't cover the rest of the space and there may be desirable addresses in the remaining space. It would be interesting to compute a negative list of all addresses in the full list and see what's in there.



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
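As an added example (not code from this thread, from fail2ban or from IPDeny), a Python sketch of the two computations discussed above: the "negative list" of an allow-list such as the IPDeny US file, and ranking which few large blocks cover most of the offending addresses fail2ban has seen, with `ipset restore` text for the `-m set ! --match-set` rule quoted from Nick. The allow-list CIDRs and offender addresses are constructed sample data, and the `US-list` name is taken from the quoted rule.

```python
import ipaddress
from collections import Counter

# Constructed sample data (not from the thread): an allow-list in the style of
# the IPDeny country files, and offender IPs of the kind fail2ban would log.
SAMPLE_ALLOW = ["10.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24"]
SAMPLE_OFFENDERS = ["203.0.113.5", "203.0.113.77", "203.0.113.200",
                    "198.51.100.9", "192.0.2.40"]

def complement(cidrs):
    """Collapsed IPv4 networks NOT covered by `cidrs` (the 'negative list')."""
    nets = sorted(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))
    gaps, cursor = [], 0  # cursor: first address not yet accounted for
    for net in nets:  # sorted, so gaps are walked in address order
        first = int(net.network_address)
        if first > cursor:
            gaps += ipaddress.summarize_address_range(
                ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(first - 1))
        cursor = int(net.broadcast_address) + 1
    if cursor < 2**32:
        gaps += ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(2**32 - 1))
    return gaps

def rank_blocks(offenders, prefixlen):
    """Offender count per /prefixlen block, busiest first: shows which few
    large blocks would cover most of the unauthorized activity."""
    counts = Counter(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
                     for ip in offenders)
    return counts.most_common()

def coverage(offenders, blocks):
    """Fraction of offending IPs that a candidate blocklist would catch."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    hits = sum(any(ipaddress.ip_address(ip) in n for n in nets) for ip in offenders)
    return hits / len(offenders) if offenders else 0.0

def ipset_restore(name, cidrs):
    """Input for `ipset restore`, usable with `-m set ! --match-set NAME src`."""
    lines = [f"create {name} hash:net family inet -exist"]
    lines += [f"add {name} {c} -exist" for c in cidrs]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(f"{len(complement(SAMPLE_ALLOW))} networks outside the allow-list")
    for net, n in rank_blocks(SAMPLE_OFFENDERS, 24)[:3]:
        print(f"{net}: {n} offenders")
    print(ipset_restore("US-list", SAMPLE_ALLOW), end="")
```

The complement of a real country file will be several hundred networks, so feed it to `ipset` rather than to individual iptables rules.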