[pve-devel] Creating of a 2nd blacklist with many blocked IPs

Cesar Peschiera brain at click.com.py
Sun Oct 26 22:31:56 CET 2014


Hi Detlef

I guess that your firewall will not function optimally if you add the
130.000 rules in ipset, because for each network packet the firewall must
do 130.000 checks.

A suggestion: when I need to add all the IP addresses of a country, or of
several countries, it is better to use a program that has an ordered database
for this kind of case, and to add a plugin to iptables; in this manner iptables
is extremely fast at checking the rules. Of course, I have it installed in
several production environments and I get great satisfaction.

This technology works with IPv4 and IPv6.

To learn about this technology, please see these web links:
Xtables-addons:
http://xtables-addons.sourceforge.net/
Xtables-addons modules:
http://xtables-addons.sourceforge.net/modules.php
Xtables-addons man page:
http://dev.medozas.de/files/xtables/xtables-addons.8.html
MaxMind GeoIP:
http://geolite.maxmind.com/download/geoip/database
How-to for CentOS:
http://www.howtoforge.com/xtables-addons-on-centos-6-and-iptables-geoip-filtering
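
The point about an ordered database, illustrated as an added example (not part of the original message and not the Xtables-addons code): the ranges of the blocked countries are sorted and merged once, then each address is matched by binary search, for IPv4 and IPv6 alike. The prefixes and the country codes AA and BB are constructed sample data, and `build_table` and `is_blocked` are hypothetical names.

```python
import bisect
import ipaddress

# Constructed sample data: documentation prefixes tagged with made-up
# country codes ("AA", "BB"); these are not real GeoIP assignments.
SAMPLE_PREFIXES = [
    ("AA", "198.51.100.0/24"),
    ("AA", "192.0.2.0/25"),
    ("AA", "192.0.2.128/25"),   # adjacent to the previous prefix, gets merged
    ("BB", "203.0.113.0/24"),
    ("AA", "2001:db8:1::/48"),
    ("BB", "2001:db8:2::/48"),
]

def build_table(prefixes, blocked):
    """Return {ip_version: (starts, ends)} of sorted, merged integer ranges."""
    per_version = {4: [], 6: []}
    for cc, cidr in prefixes:
        if cc in blocked:
            net = ipaddress.ip_network(cidr)
            per_version[net.version].append(
                (int(net.network_address), int(net.broadcast_address)))
    table = {}
    for version, ranges in per_version.items():
        merged = []
        for start, end in sorted(ranges):
            if merged and start <= merged[-1][1] + 1:
                # Overlapping or adjacent range: extend the previous one.
                merged[-1][1] = max(merged[-1][1], end)
            else:
                merged.append([start, end])
        table[version] = ([s for s, _ in merged], [e for _, e in merged])
    return table

def is_blocked(table, address):
    """Binary search: about log2(n) comparisons instead of one per range."""
    ip = ipaddress.ip_address(address)
    starts, ends = table[ip.version]
    # Index of the last range whose start is <= the address, or -1 if none.
    i = bisect.bisect_right(starts, int(ip)) - 1
    return i >= 0 and int(ip) <= ends[i]

# Table for a policy that blocks the constructed country code "AA".
TABLE = build_table(SAMPLE_PREFIXES, blocked={"AA"})
```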

----- Original Message ----- 
From: "Detlef Bracker" <bracker at 1awww.com>
To: <pve-devel at pve.proxmox.com>
Sent: Sunday, October 26, 2014 11:26 AM
Subject: [pve-devel] Creating of a 2nd blacklist with many blocked IPs

