On 01/02/2018 11:12 AM, Brian J. Murrell wrote: > I wonder what the thoughts are on being able to blacklist subnets using > shorewall blacklist, specifically with ipsets. > > Of course subnets could be expanded and applied at a list of hosts > using shorewall blacklist, but surely there is a performance issue with > that, no? >
The 'blacklist' command accepts subnets already. Note that if you create your own blacklist ipset, it's type must be hash:net for this to work. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
