JH>> Does anyone know of an alternative to ipset for blocking IP
JH>> ranges of entire countries, that works with OpenVZ containers?
av> If you want to do exactly that, simply use CIDR notation with -s
av> parameter.
Using IPTABLES ... or did you mean with ipset? I can't use ipset in this
specific case, and listing thousands of nets using IPTABLES is usually a bad
idea.
av> However, if you need (just a guess) to protect SSH against
av> bruteforcing the passwords, that's normally performed a bit
av> differently.
I prefer using F2B, it works quite well if you up blocking time to something
like 24-48 hours.
-joho
---
* Origin: code.code.code (2:20/4609)