On Jan 27, 2011 3:27 PM, "frankhunt" <fh-li...@frankhunt.com> wrote:
>
> Which method of blocking large numbers of IPs is the least consumptive
> of system resources?

Getting your ISP to block them. Next down would be iptables with an efficient "match many hosts" module - thousands of rules are relatively costly. Don't forget to send an "admin prohibited" back, though, or they will keep sending SYN packets at you.

Htaccess is about the least efficient way - at the far end of efficiency in Apache, which is way out in user-space.

Does it really matter, though, given how over-powered your CPU is likely to be compared to your network bandwidth?

Regards,
Daniel

I also second the "are you sure"; personally I use fail2ban to block hostile addresses more selectively.

--
Puppet Labs Developer – http://puppetlabs.com
Daniel Pittman <dan...@rimspace.net>
Contact me via gtalk, email, or phone: +1 (503) 893-2285
Sent from a mobile device; please forgive brevity and typos.
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
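
An added example, not part of the original thread: one set lookup plus a single REJECT rule in place of thousands of per-address iptables rules. It assumes the "match many hosts" module is ipset (the post does not name one); the set name `blocklist` and the sample addresses are constructed.

```shell
#!/bin/sh
# Assumption: ipset is the "match many hosts" module; SET_NAME is hypothetical.
SET_NAME=blocklist

# Constructed sample input (documentation address ranges, plus bad lines).
sample_list() {
cat <<'EOF'
# one address or CIDR per line
192.0.2.10
192.0.2.10
198.51.100.0/24   # whole range
203.0.113.7
999.1.1.1
not-an-address
EOF
}

# Read addresses/CIDRs on stdin and print an `ipset restore` script.
# Comments and whitespace are stripped, malformed entries and octets
# above 255 are skipped, duplicates are dropped.
gen_ipset_restore() {
    echo "create $SET_NAME hash:net family inet maxelem 262144"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' |
    awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
    sort -u |
    sed "s/^/add $SET_NAME /"
}

# Load the set and install ONE rule that answers with ICMP
# "admin prohibited" instead of silently dropping. Needs root.
apply_blocklist() {
    gen_ipset_restore < "$1" | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src \
        -j REJECT --reject-with icmp-admin-prohibited 2>/dev/null ||
    iptables -I INPUT -m set --match-set "$SET_NAME" src \
        -j REJECT --reject-with icmp-admin-prohibited
}

# "apply FILE" loads a real list; with no arguments only the generated
# restore script for the sample is printed, nothing is changed.
case "${1:-}" in
    apply) apply_blocklist "$2" ;;
    *)     sample_list | gen_ipset_restore ;;
esac
```

The hash lookup keeps per-packet cost roughly constant as the list grows, whereas a chain of individual rules is walked linearly.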