On Thu, 2011-01-27 at 15:49 -0800, Tim wrote:
> > Which method of blocking large numbers of IPs is the least consumptive 
> > of system resources?  
> 
> iptables is most likely more efficient, though it may be harder to
> manage.  I also am not sure how well it scales when you have thousands
> of individual IP addresses.  However, it is efficient for blocking
> groups of IPs.
> 
> > I have been using IPtables for several years but 
> > am curious as to whether it is the best way to go when blocking hundreds 
> > of IPs - like maybe for ALL of China and/or Korea for instance.
> 
> You may want to rethink the approach of blocking whole countries.
> For some time a friend of mine was blocking all of China and Korea to
> cut down on spam.  However, just recently he was working for a client
> in one of those countries and just couldn't figure out why he couldn't
> receive their email.  He had forgotten about the blocking.
> 
> There's no telling if/when you'll run into similar issues, and it may
> not be related to traffic you can anticipate will go to/from those
> countries.  (Think geographically distributed services you use every
> day.)
> 
> A better approach to cut down on noise might be to block traffic from
> IPs on public blacklists like the spamhaus XBL:
>   http://www.spamhaus.org/xbl/
> 
> I'm not sure if that specific blacklist is convenient to use with
> iptables, but that would be a better approach in my book.
> 
> HTH,
> tim


for iptables blocklists, i've had good success with PeerGuardian,
packaged as pgld and pglcmd for most distros. i will say i have had
better luck with the pgld/pglcmd combo than with moblock/blockcontrol
packages.

PeerGuardian supports lots of blocklists that you opt into during dpkg
configuration, separated by various types of bad behaviors. it also
supports whitelisting and custom blocklists, so fine-tuning's very
doable.

one thing to be aware of is that it needs to start up after your other
firewall rules. while i've had good luck with this, depending on your
needs, ymmv.

regards,

nathan

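An added example (mine, not code from either poster or from the PeerGuardian project) of the point Tim makes above: one rule per address is what scales badly, so a long list should be collapsed into CIDR groups before it reaches iptables. It assumes the plain-text "label:start-end" range format used by PeerGuardian lists, and the list itself is constructed sample data.

```python
import ipaddress

# Constructed sample blocklist in the assumed "label:first-last" range format.
SAMPLE_BLOCKLIST = """\
# comment lines are ignored
Example spam range:203.0.113.0-203.0.113.255
Example spam range:203.0.113.128-203.0.113.191
Scanner host:198.51.100.7-198.51.100.7
Large range:192.0.2.0-192.0.2.127
Adjacent:192.0.2.128-192.0.2.255
"""

def parse_p2p(text):
    """Parse 'label:first-last' lines into (label, first, last) address tuples."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':', addresses never do, so split on the last one.
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        ranges.append((label, ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return ranges

def individual_rule_count(ranges):
    """How many iptables rules a naive one-rule-per-address approach would need."""
    return sum(int(last) - int(first) + 1 for _, first, last in ranges)

def collapse_to_cidrs(ranges):
    """Turn arbitrary ranges into the minimal sorted set of CIDR blocks,
    merging overlapping and adjacent ranges along the way."""
    nets = []
    for _, first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def iptables_rules(cidrs, chain="INPUT"):
    """One DROP rule per CIDR block instead of one per address."""
    return [f"iptables -A {chain} -s {net.with_prefixlen} -j DROP" for net in cidrs]

def ipset_commands(cidrs, setname="blocklist", chain="INPUT"):
    """Same blocks loaded into an ipset, so iptables needs a single match rule."""
    cmds = [f"ipset create {setname} hash:net"]
    cmds += [f"ipset add {setname} {net.with_prefixlen}" for net in cidrs]
    cmds.append(f"iptables -A {chain} -m set --match-set {setname} src -j DROP")
    return cmds

if __name__ == "__main__":
    ranges = parse_p2p(SAMPLE_BLOCKLIST)
    cidrs = collapse_to_cidrs(ranges)
    print(f"{individual_rule_count(ranges)} addresses -> {len(cidrs)} CIDR rules")
    print("\n".join(ipset_commands(cidrs)))
```

On the sample, 577 addresses collapse to three CIDR blocks; with ipset the whole list costs iptables one rule regardless of list size.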
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug