On 2017-10-04 17:21, Alan McKinnon wrote:
> I'd suggest you use a packet filter, but not on Linux and certainly not
> iptables. That thing is a god-awful mess looking like it was built by
> unsupervised schoolkids masquerading as internes. The best tool for this
> is the pf packet filter, but it runs on FreeBSD. Get yourself a spare
> machine, load pfsense on it (it's an appliance like wrt) and drop the
> traffic from all offensive addresses. Drop, not reject.

FWIW, I have considered doing what you suggest here, but the problem with pfsense (and its fork opnsense as well) is it only runs on x86; I think one of them won't even run on amd64, or perhaps the other way around. But definitely no arm et cetera, so you can't install them on a Pi or something.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
Do obvious transformation on domain to reply privately _only_ on Usenet.