[lug] keeping up with attacks

Zan Lynx zlynx at acm.org
Sun May 5 14:34:44 MDT 2019


On Sun, 2019-05-05 at 12:10 -0600, Michael J. Hammel wrote:
> There are concerns over iptables affecting performance of the server,
> but I really only use ipsets (despite what I said originally).  And I
> ban the heck out of IPs.

Performance of iptables gets very, very bad if you just create simple
rule lists. But ipsets work great. Very efficient.

Before ipsets there were some very hacky Python scripts that would
divide up your block lists into multiple rule chains by IP address
prefix in order to get the rule processing time down to reasonable
levels. Luckily we no longer need those.
-- 
                Knowledge is Power -- Power Corrupts
                        Study Hard -- Be Evil
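
The ipset approach discussed in the message above, as an added example that is not code from either poster: a blocklist becomes one hash set matched by a single iptables rule, instead of one rule per address. The set name "banned", the helper names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a plain-text blocklist into `ipset restore` input.
# Load it with:   gen_ipset_restore < blocklist.txt | ipset -exist restore
# Match it with:  iptables -I INPUT -m set --match-set banned src -j DROP
# One rule and a hash lookup replace a linear walk over thousands of rules.

SET_NAME="banned"   # hypothetical set name

# Constructed sample input (RFC 5737 documentation ranges).
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.7   # ssh brute force
203.0.113.0/24

not-an-ip
EOF
}

# Read one IPv4 address or CIDR per line on stdin and print restore commands.
# Entries go into a temporary set that is swapped in, so the live set is
# replaced atomically and is never half-populated while traffic is matched.
gen_ipset_restore() {
    tmp="${SET_NAME}-tmp"
    printf 'create %s hash:net family inet\n' "$SET_NAME"
    printf 'create %s hash:net family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments and all whitespace.
        entry=$(printf '%s' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
        if [ -z "$entry" ]; then
            continue
        fi
        # Accept only dotted-quad IPv4 with an optional /prefix.
        if printf '%s' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            printf 'add %s %s\n' "$tmp" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
    printf 'swap %s %s\n' "$tmp" "$SET_NAME"
    printf 'destroy %s\n' "$tmp"
}

# Demo: print the restore script for the constructed sample.
sample_blocklist | gen_ipset_restore
```

The `-exist` option on the `ipset` command line keeps the `create` lines from failing when the sets already exist.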


