On 05/31/2018 09:33 PM, incoming-pythonli...@rjl.com wrote:
I wrote scripts that read the list and generated a rule per network. It can be slow, but has worked reliably for many years. Since it is a mailserver, performance has not been a big issue. I am in the process of designing a replacement. If you enter your list of networks as a separate iptables list, then you only need to call that list when the traffic is on the relevant port(s), so you avoid traversing the list for other services.

*nod*

Thank you for sharing.

I've done something similar with IPSets and recently using routing with reverse path filtering.

I've found all of the above to be quite effective.



--
Grant. . . .
unix || die
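
The approach described in the quoted message (one rule per network, held in a separate list that is called only for the relevant ports), as an added example that is not code from either poster. The chain name `MAILBLOCK`, the port list and the sample networks are assumptions for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore fragment: one DROP rule per listed network, kept in
# a dedicated chain that is reached only from the given TCP ports.
CHAIN="MAILBLOCK"   # hypothetical chain name

gen_rules() {
    # $1 = comma-separated TCP ports; network list (one CIDR per line) on stdin
    ports="$1"
    printf '%s\n' "*filter" ":$CHAIN - [0:0]"
    # Only traffic to these ports traverses the per-network list.
    printf '%s\n' "-A INPUT -p tcp -m multiport --dports $ports -j $CHAIN"
    while IFS= read -r line; do
        net="${line%%#*}"                              # strip comments
        net="$(printf '%s' "$net" | tr -d ' \t')"      # strip whitespace
        [ -z "$net" ] && continue
        # Accept dotted-quad IPv4 with an optional /0-32 prefix; skip the rest.
        if printf '%s\n' "$net" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            printf '%s\n' "-A $CHAIN -s $net -j DROP"
        else
            printf '%s\n' "skipped invalid entry: $net" >&2
        fi
    done
    # Anything not on the list returns to INPUT for normal processing.
    printf '%s\n' "-A $CHAIN -j RETURN" "COMMIT"
}

# Constructed sample list (documentation address ranges, not real blocklist data).
sample_networks() {
    cat <<'EOF'
# blocked networks
192.0.2.0/24
198.51.100.17   # single host
not-a-network
203.0.113.0/24
EOF
}

sample_ruleset() { sample_networks | gen_rules "25,465,587"; }

# Print the generated ruleset when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then sample_ruleset; fi
```

The output is in `iptables-restore` format; load it with `iptables-restore --noflush` so the other rules in the table are kept. The `-A INPUT` jump is appended on every load, so when the list is regenerated regularly, install that jump once and reload only the chain contents.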
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org