Obtaining and activating the blocklist (firewalld and ufw)

Obtain the current country block lists from

Select the country you would like to block and use CIDR as Format. See the section “List of mirrored blocklists” below in case the above stated link is not working.

WARNING: firewalld can take ages to boot with large lists

Adding large blocklists makes firewall-cmd --reload take a long time! On my test machine it took 20 minutes for the following example on each reboot. During the firewall setup, you can’t ssh into the host. So if the rule setup takes 20 minutes, you need to wait for firewalld to finish startup before you can even ssh into the machine. This is the reason why I recommend the “Just block it already” method for most servers, because it scales much better.

For fully automated servers that run automatic updates and reboots and can have a rather large latency after a reboot, the firewalld method should be fine though. ufw behaves much better: a reboot of the Ubuntu test system with the full IPv4 and IPv4 Russian test set performed reasonably well. The process is single-threaded, so even on servers with many CPU cores this is gonna take some time.

If you are using firewalld, you can use my predefined drop zone, e.g. as xml file for Russia or for the Bahamas.